Search results for: phishing attacks

Authors: Arif Anwar Surani, Salman Ali, Asif Surani, Sohaib Zahid, Akbar Shoukat Ali, Zeeshan-Ul-Hassan Usmani, Joseph Varon, Salim Surani

Abstract:

Objective: Terrorism and suicidal bomb blast attacks are commonplace in Karachi, Pakistan. During the years 2000 to 2007, there were over 60 bomb explosions resulting in more than 1500 casualties. These explosions produce a wide variety of external injuries. We undertook this study to evaluate pattern of external injury produced after bomb blast attacks and to compare injury profile resulting from explosions in open versus semi-confined blast environments. Method: A retrospective, cross-sectional, study was conducted to review injuries sustained after bomb blast attacks in Karachi, Pakistan, from January 2000 to October 2007. Emergency medical records and medico legal certificates of patients presented to three major public sector hospitals of Karachi were evaluated using self-design proforma. Results: Data of 481 victims meet inclusion criteria and were incorporated for final analysis. Of these, 63.6% were injured in open spaces and 36.4% were injured in semi-confined blast environments. Lacerations were commonly encountered as external injury (47.7%) followed by penetrating wounds (15.3%). Lower and upper extremities were most commonly affected (38.6% and 19% respectively). Open and semi-confined blast environments produced a specific injury pattern and profile (p=<0.001). Conclusions: Bomb blast attacks in Karachi produce an external injury pattern consistent with other studies, with exception of an increased frequency in penetrating wounds. Semi-confined blast environments were associated with severe injuries. Further studies are required to better classify injuries and their severity based on standardized scoring systems. Effective emergency response systems must be designed to cope with mass causalities following bomb explosions.

Keywords: bomb blast attacks, injury pattern, external injury, open space, semi-confined space, blast environment

Procedia PDF Downloads 375

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 305

Authors: Mohan Ramasundaram, Amutha Prabakar Muniyandi

Abstract:

Remote user authentication is one of the important tasks for any kind of remote server applications. Several remote authentication schemes are proposed by the researcher for Telecare Medicine Information System (TMIS). Most of the existing techniques have limitations, vulnerable to various kind attacks, lack of functionalities, information leakage, no perfect forward security and ineffectiveness. Authentication is a process of user verification mechanism for allows him to access the resources of a server. Nowadays, most of the remote authentication protocols are using two-factor authentications. We have made a survey of several remote authentication schemes using three factors and this survey shows that the most of the schemes are inefficient and subject to several attacks. We observed from the experimental evaluation; the proposed scheme is very secure against various known attacks that include replay attack, man-in-the-middle attack. Furthermore, the analysis based on the communication cost and computational cost estimation of the proposed scheme with related schemes shows that our proposed scheme is efficient.

Keywords: Telecare Medicine Information System, elliptic curve cryptography, three-factor, biometric, random oracle

Procedia PDF Downloads 197

Authors: O. Fayomi, F. Chidozie, C. Ayo

Abstract:

The underlying causes of xenophobia are complex and varied. Xenophobia has to do with being contemptuous of that which is foreign, especially of strangers or of people from different countries or cultures. Unemployment and mounting poverty among South Africans at the bottom of the economic ladder have provoked fears of the competition that better educated and experienced migrants can represent. South Africa’s long track-record of violence as a means of protest and the targeting of foreigners in particular, and, the documented tensions over migration policy and the scale of repatriation serve a very good explanation for its xenophobia. It was clear that while most of the attacks were directed against foreign, primarily African, migrants, this was not the rule. Attacks were also noted against Chinese-speakers, Pakistani migrants as well as against South Africans from minority language groups (in the conflict areas). Settlements that have recently experienced the expression of ‘xenophobic’ violence have also been the site of violent and other forms of protest around other issues, most notably service delivery. The failure of government in service delivery was vexed on this form of xenophobia. Due to the increase in migration, this conflict is certainly not temporary in nature. Xenophobia manifests in different regions and communities with devastating effects on the affected nationals. Nigerians living in South Africa have been objects of severe attacks and assault as a result of this xenophobic attitude. It is against this background that this study seeks to investigate the xenophobic attacks against Nigerians in South Africa. The methodology is basically qualitative with the use of secondary sources such as books, journals, newspapers and internet sources.

Keywords: xenophobia, unemployment, poverty, Nigeria, South Africa

Procedia PDF Downloads 449

Authors: Ayubi Wirara, Ardya Suryadinata

Abstract:

Improper application of the RSA algorithm scheme can cause vulnerability to attacks. The attack utilizes the relationship between broadcast messages sent to the user with some fixed polynomial functions that belong to each user. Scheme attacks carried out by applying the Chinese Remainder Theorem to obtain a general polynomial equation with the same modulus. The formation of the general polynomial becomes a first step to get back the original message. Furthermore, to solve these equations can use Coppersmith's theorem.

Keywords: RSA algorithm, broadcast message, Chinese Remainder Theorem, Coppersmith’s theorem

Procedia PDF Downloads 306

Authors: Borhan Marzougui

Abstract:

Road and Transport Authority (RTA) is moving ahead with the implementation of the leader’s vision in exploring all avenues that may bring better security and safety services to the community. Smart transport means using smart technologies such as IoT (Internet of Things). This technology continues to affirm its important role in the context of Information and Transportation Systems. In fact, IoT is a network of Internet-connected objects able to collect and exchange different data using embedded sensors. With the growth of IoT, Distributed Denial of Service (DDoS) attacks is also growing exponentially. DDoS attacks are the major and a real threat to various transportation services. Currently, the defense mechanisms are mainly passive in nature, and there is a need to develop a smart technique to handle them. In fact, new IoT devices are being used into a botnet for DDoS attackers to accumulate for attacker purposes. The aim of this paper is to provide a relevant understanding of dangerous types of DDoS attack related to IoT and to provide valuable guidance for the future IoT security method. Our methodology is based on development of the distributed algorithm. This algorithm manipulates dedicated intelligent and cooperative agents to prevent and to mitigate DDOS attacks. The proposed technique ensure a preventive action when a malicious packets start to be distributed through the connected node (Network of IoT devices). In addition, the devices such as camera and radio frequency identification (RFID) are connected within the secured network, and the data generated by it are analyzed in real time by intelligent and cooperative agents. The proposed security system is based on a multi-agent system. The obtained result has shown a significant reduction of a number of infected devices and enhanced the capabilities of different security dispositives.

Keywords: IoT, DDoS, attacks, botnet, security, agents

Procedia PDF Downloads 117

Authors: Nir Nissim, Erez Shalom, Tomer Lancewiki, Yuval Elovici, Yuval Shahar

Abstract:

Background: A Medical Device (MD) is an instrument, machine, implant, or similar device that includes a component intended for the purpose of the diagnosis, cure, treatment, or prevention of disease in humans or animals. Medical devices play increasingly important roles in health services eco-systems, including: (1) Patient Diagnostics and Monitoring; Medical Treatment and Surgery; and Patient Life Support Devices and Stabilizers. MDs are part of the medical device eco-system and are connected to the network, sending vital information to the internal medical information systems of medical centers that manage this data. Wireless components (e.g. Wi-Fi) are often embedded within medical devices, enabling doctors and technicians to control and configure them remotely. All these functionalities, roles, and uses of MDs make them attractive targets of cyber-attacks launched for many malicious goals; this trend is likely to significantly increase over the next several years, with increased awareness regarding MD vulnerabilities, the enhancement of potential attackers’ skills, and expanded use of medical devices. Significance: We propose to develop and implement Cyber-Med, a unique collaborative project of Ben-Gurion University of the Negev and the Clalit Health Services Health Maintenance Organization. Cyber-Med focuses on the development of a comprehensive detection framework that relies on a critical attack repository that we aim to create. Cyber-Med will allow researchers and companies to better understand the vulnerabilities and attacks associated with medical devices as well as providing a comprehensive platform for developing detection solutions. Methodology: The Cyber-Med detection framework will consist of two independent, but complementary detection approaches: one for known attacks, and the other for unknown attacks. These modules incorporate novel ideas and algorithms inspired by our team's domains of expertise, including cyber security, biomedical informatics, and advanced machine learning, and temporal data mining techniques. The establishment and maintenance of Cyber-Med’s up-to-date attack repository will strengthen the capabilities of Cyber-Med’s detection framework. Major Findings: Based on our initial survey, we have already found more than 15 types of vulnerabilities and possible attacks aimed at MDs and their eco-system. Many of these attacks target individual patients who use devices such pacemakers and insulin pumps. In addition, such attacks are also aimed at MDs that are widely used by medical centers such as MRIs, CTs, and dialysis engines; the information systems that store patient information; protocols such as DICOM; standards such as HL7; and medical information systems such as PACS. However, current detection tools, techniques, and solutions generally fail to detect both the known and unknown attacks launched against MDs. Very little research has been conducted in order to protect these devices from cyber-attacks, since most of the development and engineering efforts are aimed at the devices’ core medical functionality, the contribution to patients’ healthcare, and the business aspects associated with the medical device.

Keywords: medical device, cyber security, attack, detection, machine learning

Procedia PDF Downloads 329

Authors: Vishnu Pratap Singh Kirar

Abstract:

Wireless sensor network (WSN) is a network of many interconnected networked systems, they equipped with energy resources and they are used to detect other physical characteristics. On WSN, there are many researches are performed in past decades. WSN applicable in many security systems govern by military and in many civilian related applications. Thus, the security of WSN gets attention of researchers and gives an opportunity for many future aspects. Still, there are many other issues are related to deployment and overall coverage, scalability, size, energy efficiency, quality of service (QoS), computational power and many more. In this paper we discus about various applications and security related issue and requirements of WSN.

Keywords: wireless sensor network (WSN), wireless network attacks, wireless network security, security requirements

Procedia PDF Downloads 456

Authors: Nayyra Zeb, Fu Qiang, Sundas Rauf

Abstract:

Foreign Direct Investment (FDI) is often seen as a significant factor of economic development in developing countries like Pakistan. The aim of this article is to investigate the effect of FDI on Pakistan’s economic growth during 1972–2012. Besides FDI, three other variables such as trade openness, political instability and terrorist attacks are also used in this study. The least square method has been applied to check the effect of these variables on GDP of Pakistan. The results show that FDI has a positive significant effect on economic growth of Pakistan.

Keywords: FDI inflows, trade openness, political instability, terrorist attacks

Procedia PDF Downloads 432

Authors: Paria Soleimani, Arezoo Neshati

Abstract:

Myocardial infarction is one of the leading causes of ‎death in the world. Some of these deaths occur even before the patient ‎reaches the hospital. Myocardial infarction occurs as a result of ‎impaired blood supply. Because the most of these deaths are due to ‎coronary artery disease, hence the awareness of the warning signs of a ‎heart attack is essential. Some heart attacks are sudden and intense, but ‎most of them start slowly, with mild pain or discomfort, then early ‎detection and successful treatment of these symptoms is vital to save ‎them. Therefore, importance and usefulness of a system designing to ‎assist physicians in the early diagnosis of the acute heart attacks is ‎obvious.‎ The purpose of this study is to determine how well a predictive ‎model would perform based on the only patient-reportable clinical ‎history factors, without using diagnostic tests or physical exams. This ‎type of the prediction model might have application outside of the ‎hospital setting to give accurate advice to patients to influence them to ‎seek care in appropriate situations. For this purpose, the data were ‎collected on 711 heart patients in Iran hospitals. 28 attributes of clinical ‎factors can be reported by patients; were studied. Three logistic ‎regression models were made on the basis of the 28 features to predict ‎the risk of heart attacks. The best logistic regression model in terms of ‎performance had a C-index of 0.955 and with an accuracy of 94.9%. ‎The variables, severe chest pain, back pain, cold sweats, shortness of ‎breath, nausea, and vomiting were selected as the main features.‎

Keywords: Coronary heart disease, Acute heart attacks, Prediction, Logistic ‎regression‎

Procedia PDF Downloads 427

Authors: Hafiz Gulfam Ahmad, Chuangdong Li, Zeeshan Ahmad

Abstract:

In this paper, we proposed a parallel IDS and honeypot based approach to detect and analyze the unknown and known attack taxonomy for improving the IDS performance and protecting the network from intruders. The main theme of our approach is to record and analyze the intruder activities by using both the low and high interaction honeypots. Our architecture aims to achieve the required goals by combing signature based IDS, honeypots and generate the new signatures. The paper describes the basic component, design and implementation of this approach and also demonstrates the effectiveness of this approach reducing the probability of network attacks.

Keywords: network security, intrusion detection, honeypot, snort, nmap

Procedia PDF Downloads 529

Authors: Dimitriya A. Mihaylova, Zlatka V. Valkova-Jarvis, Georgi L. Iliev

Abstract:

One possible approach for maintaining the security of communication systems relies on Physical Layer Security mechanisms. However, in wireless time division duplex systems, where uplink and downlink channels are reciprocal, the channel estimate procedure is exposed to attacks known as pilot contamination, with the aim of having an enhanced data signal sent to the malicious user. The Shifted 2-N-PSK method involves two random legitimate pilots in the training phase, each of which belongs to a constellation, shifted from the original N-PSK symbols by certain degrees. In this paper, legitimate pilots’ offset values and their influence on the detection capabilities of the Shifted 2-N-PSK method are investigated. As the implementation of the technique depends on the relation between the shift angles rather than their specific values, the optimal interconnection between the two legitimate constellations is investigated. The results show that no regularity exists in the relation between the pilot contamination attacks (PCA) detection probability and the choice of offset values. Therefore, an adversary who aims to obtain the exact offset values can only employ a brute-force attack but the large number of possible combinations for the shifted constellations makes such a type of attack difficult to successfully mount. For this reason, the number of optimal shift value pairs is also studied for both 100% and 98% probabilities of detecting pilot contamination attacks. Although the Shifted 2-N-PSK method has been broadly studied in different signal-to-noise ratio scenarios, in multi-cell systems the interference from the signals in other cells should be also taken into account. Therefore, the inter-cell interference impact on the performance of the method is investigated by means of a large number of simulations. The results show that the detection probability of the Shifted 2-N-PSK decreases inversely to the signal-to-interference-plus-noise ratio.

Keywords: channel estimation, inter-cell interference, pilot contamination attacks, wireless communications

Procedia PDF Downloads 189

Authors: Maleh Yassine, Ezzati Abdellah

Abstract:

Wireless Sensor Networks (WSNs) are currently used in different industrial and consumer applications, such as earth monitoring, health related applications, natural disaster prevention, and many other areas. Security is one of the major aspects of wireless sensor networks due to the resource limitations of sensor nodes. However, these networks are facing several threats that affect their functioning and their life. In this paper we present security attacks in wireless sensor networks, and we focus on a review and analysis of the recent Intrusion Detection schemes in WSNs.

Keywords: wireless sensor networks, security attack, denial of service, IDS, cluster-based model, signature based IDS, hybrid IDS

Procedia PDF Downloads 346

Authors: Wafa' Slaibi Alsharafat

Abstract:

Cloud computing is a modern approach in network environment. According to increased number of network users and online systems, there is a need to help these systems to be away from unauthorized resource access and detect any attempts for privacy contravention. For that purpose, Intrusion Detection System is an effective security mechanism to detect any attempts of attacks for cloud resources and their information. In this paper, Cloud Intrusion Detection System has been proposed in term of reducing or eliminating any attacks. This model concerns about achieving high detection rate after conducting a set of experiments using benchmarks dataset called KDD'99.

Keywords: IDS, cloud computing, anticipating classifier system, intrusion detection

Procedia PDF Downloads 446

Authors: Tamanna Goyal, Divya Bansal, Sanjeev Sofat

Abstract:

In world-threatening terrorist attacks, where early detection, distinction, and prediction are effective diagnosis techniques and for functionally accurate and precise analysis of terrorism data, there are so many data mining & statistical approaches to assure accuracy. The computational extraction of derived patterns is a non-trivial task which comprises specific domain discovery by means of sophisticated algorithm design and analysis. This paper proposes an approach for similarity extraction by obtaining the useful attributes from the available datasets of terrorist attacks and then applying feature selection technique based on the statistical impurity measures followed by clustering techniques on the basis of similarity measures. On the basis of degree of participation of attributes in the rules, the associative dependencies between the attacks are analyzed. Consequently, to compute the similarity among the discovered rules, we applied a weighted similarity measure. Finally, the rules are grouped by applying using hierarchical clustering. We have applied it to an open source dataset to determine the usability and efficiency of our technique, and a literature search is also accomplished to support the efficiency and accuracy of our results.

Keywords: association rules, clustering, similarity measure, statistical approaches

Procedia PDF Downloads 293

Authors: Nidal F. Shilbayeh, Belal AbuHaija, Zainab N. Al-Qudsy

Abstract:

In this paper, a hybrid blind digital watermarking system using Discrete Wavelet Transform (DWT) and Contourlet Transform (CT) has been implemented and tested. The implemented combined digital watermarking system has been tested against five common types of image attacks. The performance evaluation shows improved results in terms of imperceptibility, robustness, and high tolerance against these attacks; accordingly, the system is very effective and applicable.

Keywords: discrete wavelet transform (DWT), contourlet transform (CT), digital image watermarking, copyright protection, geometric attack

Procedia PDF Downloads 363

Authors: Dilip Singh Sisodia, Shrish Verma

Abstract:

Spamming is the most common issue seen nowadays in the Internet especially in Online Social Networking Sites (like Facebook, Twitter, and Google+ etc.). Spam messages keep wasting Internet bandwidth and the storage space of servers. On social network sites; spammers often disguise themselves by creating fake accounts and hijacking user’s accounts for personal gains. They behave like normal user and they continue to change their spamming strategy. To prevent this, most modern spam-filtering solutions are deployed on the receiver side; they are good at filtering spam for end users. In this paper we are presenting some spamming techniques their behaviour and possible solutions. We have analyzed how Spammers enters into online social networking sites (OSNSs) and how they target it and the techniques they use for it. The five discussed techniques of spamming techniques which are clickjacking, social engineered attacks, cross site scripting, URL shortening, and drive by download. We have used elgg framework for demonstration of some of spamming threats and respective implementation of solutions.

Keywords: online social networking sites, spam, attacks, internet, clickjacking / likejacking, drive-by-download, URL shortening, networking, socially engineered attacks, elgg framework

Procedia PDF Downloads 306

Authors: Ismail Haddad, Djamel Herbadji, Aissa Belmeguenai, Selma Boumerdassi

Abstract:

in this paper, we provide a novel approach for image encryption that employs the Fibonacci matrix and an enhanced fractional order chaotic map. The enhanced map overcomes the drawbacks of the classical map, especially the limited chaotic range and non-uniform distribution of chaotic sequences, resulting in a larger encryption key space. As a result, this strategy improves the encryption system's security. Our experimental results demonstrate that our proposed algorithm effectively encrypts grayscale images with exceptional efficiency. Furthermore, our technique is resistant to a wide range of potential attacks, including statistical and entropy attacks.

Keywords: image encryption, logistic map, fibonacci matrix, grayscale images

Procedia PDF Downloads 276

Authors: Sayor Ajfar Aaron, Ashif Newaz, Sajjat Hossain Abir, Mushfiqur Rahman

Abstract:

This paper examines the transformative potential of quantum computing in the field of cybersecurity, with a focus on advanced penetration testing and forensics. It explores how quantum technologies can be leveraged to identify and exploit vulnerabilities more efficiently than traditional methods and how they can enhance the forensic analysis of cyber-attacks. Through theoretical analysis and practical simulations, this study highlights the enhanced capabilities of quantum algorithms in detecting and responding to sophisticated cyber threats, providing a pathway for developing more resilient cybersecurity infrastructures.

Keywords: cybersecurity, cyber forensics, penetration testing, quantum computing

Procedia PDF Downloads 11

Authors: Naveed Ghani, Samreen Javed

Abstract:

In today’s heterogeneous network environment, there is a growing demand for distrust clients to jointly execute secure network to prevent from malicious attacks as the defining task of propagating malicious code is to locate new targets to attack. Residual risk is always there no matter what solutions are implemented or whet so ever security methodology or standards being adapted. Security is the first and crucial phase in the field of Computer Science. The main aim of the Computer Security is gathering of information with secure network. No one need wonder what all that malware is trying to do: It's trying to steal money through data theft, bank transfers, stolen passwords, or swiped identities. From there, with the help of our survey we learn about the importance of white listing, antimalware programs, security patches, log files, honey pots, and more used in banks for financial data protection but there’s also a need of implementing the IPV6 tunneling with Crypto data transformation according to the requirements of new technology to prevent the organization from new Malware attacks and crafting of its own messages and sending them to the target. In this paper the writer has given the idea of implementing IPV6 Tunneling Secessions on private data transmission from financial organizations whose secrecy needed to be safeguarded.

Keywords: network worms, malware infection propagating malicious code, virus, security, VPN

Procedia PDF Downloads 331

Authors: Salha Abdullah Ali Al-Shamrani, Maha Muhammad Dhaher Aljuhani, Eman Ali Ahmed Aldhaheri

Abstract:

With the proliferation of Internet of Things (IoT) devices in various industries, there has been a concurrent rise in security vulnerabilities, particularly spoofing attacks. This study explores the potential of blockchain technology in enhancing the security of IoT systems and mitigating these attacks. Blockchain's decentralized and immutable ledger offers significant promise for improving data integrity, transaction transparency, and tamper-proofing. This research develops and implements a blockchain-based IoT architecture and a reference network to simulate real-world scenarios and evaluate a blockchain-integrated intrusion detection system. Performance measures including time delay, security, and resource utilization are used to assess the system's effectiveness, comparing it to conventional IoT networks without blockchain. The results provide valuable insights into the practicality and efficacy of employing blockchain as a security mechanism, shedding light on the trade-offs between speed and security in blockchain deployment for IoT. The study concludes that despite minor increases in time consumption, the security benefits of incorporating blockchain technology into IoT systems outweigh potential drawbacks, demonstrating a significant potential for blockchain in bolstering IoT security.

Keywords: internet of things, spoofing, IoT, access control, blockchain, raspberry pi

Procedia PDF Downloads 38

Authors: Katalin Kovacs

Abstract:

In most forms of violence the perpetrators intend to hide their identities. Terrorism is different. Terrorist groups often take responsibility for their attacks, and consequently they reveal their identities. This unique characteristic of terrorism has been largely overlooked, and scholars are still puzzled as to why terrorist groups claim responsibility for their attacks. Certainly, the claim of responsibility is worth analysing. It would help to have a clearer picture of what terrorist groups try to achieve and how, but also to develop an understanding of the strategic planning of terrorist attacks and the message the terrorists intend to deliver. The research aims to answer the question why terrorist groups choose to claim responsibility for some of their attacks and not for others. In order to do so the claim of responsibility is considered to be a tactical choice, based on the assumption that terrorists weigh the costs and benefits of claiming responsibility. The main argument is that terrorist groups do not claim responsibility in cases when there is no tactical advantage gained from claiming responsibility. The idea that the claim of responsibility has tactical value offers the opportunity to test these assertions using a large scale empirical analysis. The claim of responsibility as a tactical choice depends on other tactical choices, such as the choice of target, the internationality of the attack, the number of victims and whether the group occupies territory or operates as an underground group. The structure of the terrorist groups and the level of decision making also affects the claim of responsibility. Terrorists on the lower level are less disciplined than the leaders. This means that the terrorists on lower levels pay less attention to the strategic objectives and engage easier in indiscriminate violence, and consequently they would less like to claim responsibility. Therefore, the research argues that terrorists, who are on a highest level of decision making would claim responsibility for the attacks as those are who takes into account the strategic objectives. As most studies on terrorism fail to provide definitions; therefore the researches are fragmented and incomparable. Separate, isolated researches do not support comprehensive thinking. It is also very important to note that there are only a few researches using quantitative methods. The aim of the research is to develop a new and comprehensive overview of the claim of responsibility based on strong quantitative evidence. By using well-established definitions and operationalisation the current research focuses on a broad range of attributes that can have tactical values in order to determine circumstances when terrorists are more likely to claim responsibility.

Keywords: claim of responsibility, leadership, tactical choice, terrorist group

Procedia PDF Downloads 289

Authors: Khaled M. Khan, Armstrong Nhlabatsi

Abstract:

This article attempts to analyse behavioural traits of lone-wolves who struck and killed innocents in six different attacks in Europe in last nine months. The main objective of this study is to develop a profiling template in order to capture commonality of characteristics of these attackers. This study tries to understand the homogeneity of lone-wolves in terms of their social background and state of mind. The commonality among them can possibly be used to build a profiling template that could help detecting vulnerable persons who are prone to be self-radicalised or radicalised by someone else. The result of this study provides us an understanding of their commonality in terms of their state of mind and social characteristics.

Keywords: behavioral pattern, terrorism, profiling, commonality

Procedia PDF Downloads 371

Authors: Christodoulou Christos, Politis Anastasios

Abstract:

A large majority of users favoured to wireless LAN connection since it was so simple to use. A wireless network can be the target of numerous attacks. Class hijacking is a well-known attack that is fairly simple to execute and has significant repercussions on users. The statistical flow analysis based on machine learning (ML) techniques is a promising categorization methodology. In a given dataset, which in the context of this paper is a collection of components representing frames belonging to various flows, machine learning (ML) can offer a technique for identifying and characterizing structural patterns. It is possible to classify individual packets using these patterns. It is possible to identify fraudulent conduct, such as class hijacking, and take necessary action as a result. In this study, we explore a way to use machine learning approaches to thwart this attack.

Keywords: wireless lan, quality of service, machine learning, class hijacking, EDCA remapping

Procedia PDF Downloads 26

Authors: Behrooz Daneshmand

Abstract:

Software Defined Networking (SDN) is designed to meet the future needs of 5G mobile networks. The SDN architecture offers a new solution that involves separating the control plane from the data plane, which is usually paired together. Network functions traditionally performed on specific hardware can now be abstracted and virtualized on any device, and a centralized software-based administration approach is based on a central controller, facilitating the development of modern applications and services. These plan standards clear the way for a more adaptable, speedier, and more energetic network beneath computer program control compared with a conventional network. We accept SDN gives modern inquire about openings to security, and it can significantly affect network security research in numerous diverse ways. Subsequently, the SDN architecture engages systems to effectively screen activity and analyze threats to facilitate security approach modification and security benefit insertion. The segregation of the data planes and control and, be that as it may, opens security challenges, such as man-in-the-middle attacks (MIMA), denial of service (DoS) attacks, and immersion attacks. In this paper, we analyze security threats to each layer of SDN - application layer - southbound interfaces/northbound interfaces - controller layer and data layer. From a security point of see, the components that make up the SDN architecture have a few vulnerabilities, which may be abused by aggressors to perform noxious activities and hence influence the network and its administrations. Software-defined network assaults are shockingly a reality these days. In a nutshell, this paper highlights architectural weaknesses and develops attack vectors at each layer, which leads to conclusions about further progress in identifying the consequences of attacks and proposing mitigation strategies.

Keywords: software-defined networking, security, SDN, 5G/IMT-2020

Procedia PDF Downloads 65

Authors: Phillip Garrad, Saritha Unnikrishnan

Abstract:

The recent popularity of connected and autonomous vehicles (CAV) corresponds with an increase in the risk of cyber-attacks. These cyber-attacks have been instigated by both researchers or white-coat hackers and cyber-criminals. As Connected Vehicles move towards full autonomy, the impact of these cyber-attacks also grows. The current research details challenges faced in cybersecurity testing of CAV, including access and cost of the representative test setup. Other challenges faced are lack of experts in the field. Possible solutions to how these challenges can be overcome are reviewed and discussed. From these findings, a software simulated CAV network is established as a cost-effective representative testbed. Penetration tests are then performed on this simulation, demonstrating a cyber-attack in CAV. Studies have shown Artificial Intelligence (AI) to improve runtime, increase efficiency and comprehensively cover all the typical test aspects in penetration testing in other industries. There is an attempt to introduce similar AI models to the software simulation. The expectation from this implementation is to see similar improvements in runtime and efficiency for the CAV model. If proven to be an effective means of penetration test for CAV, this methodology may be used on a full CAV test network.

Keywords: cybersecurity, connected vehicles, software simulation, artificial intelligence, penetration testing

Procedia PDF Downloads 81

Authors: M. Karaman, H. Catalkaya

Abstract:

Due to the complex nature of cyber attacks and their effects ranging from personal to governmental level, it becomes one of the priority tasks for operation planners to take into account the risks, influences and effects of cyber attacks. However it can also be embedded or integrated technically with electronic warfare planning, cyber operation planning is needed to have a sole and broadened perspective. This perspective embodies itself firstly in operational design and then military decision making process. In order to find out the ill-structured problems, understand or visualize the operational environment and frame the problem, operational design can help support cyber operation planners and commanders. After having a broadened and conceptual startup with cyber operational design, military decision making process will follow the principles of design into more concrete elements like reaching results after risk management and center of gravity analysis of our and the enemy. In this paper we tried to emphasize the importance of cyber operational design, cyber operation planning and its integration to military decision making problem. In this foggy, uncertain and unaccountable cyber security environment, it is inevitable to stay away from cyber attacks. Therefore, a cyber operational design should be formed with line of operations, decisive points and end states in cyber then a tactical military decision making process should be followed with cyber security focus in order to support the whole operation.

Keywords: cyber operational design, military decision making process (MDMP), operation planning, end state

Procedia PDF Downloads 559

Authors: Basel Halak, Christian Hall, Syed Abdul Father, Nelson Chow Wai Kit, Ruwaydah Widaad Raymode

Abstract:

The attack surface on computing devices is becoming very sophisticated, driven by the sheer increase of interconnected devices, reaching 50B in 2025, which makes it easier for adversaries to have direct access and perform well-known physical attacks. The impact of increased security vulnerability of electronic systems is exacerbated for devices that are part of the critical infrastructure or those used in military applications, where the likelihood of being targeted is very high. This continuously evolving landscape of security threats calls for a new generation of defense methods that are equally effective and adaptive. This paper proposes an intelligent defense mechanism to protect from physical tampering, it consists of a tamper detection system enhanced with machine learning capabilities, which allows it to recognize normal operating conditions, classify known physical attacks and identify new types of malicious behaviors. A prototype of the proposed system has been implemented, and its functionality has been successfully verified for two types of normal operating conditions and further four forms of physical attacks. In addition, a systematic threat modeling analysis and security validation was carried out, which indicated the proposed solution provides better protection against including information leakage, loss of data, and disruption of operation.

Keywords: anti-tamper, hardware, machine learning, physical security, embedded devices, ioT

Procedia PDF Downloads 123

Authors: Umar Mujahid, Greatzel Unabia, Hongsik Choi, Binh Tran

Abstract:

Radio Frequency Identification (RFID) is one of the most commonly used technologies in IoTs and Wireless Sensor Networks which makes the devices identification and tracking extremely easy to manage. Since RFID uses wireless channel for communication, which is open for all types of adversaries, researchers have proposed many Ultralightweight Mutual Authentication Protocols (UMAPs) to ensure security and privacy in a cost-effective manner. These UMAPs involve simple bitwise logical operators such as XOR, AND, OR & Rot, etc., to design the protocol messages. However, most of these UMAPs were later reported to be vulnerable against many malicious attacks. In this paper, we have presented a detailed overview of some eminent UMAPs and also discussed the many security attacks on them. Finally, some recommendations and suggestions have been discussed, which can improve the design of the UMAPs.

Keywords: RFID, Ultralightweight, UMAP, SASI

Procedia PDF Downloads 118

Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki

Abstract:

Recently human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most of the cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to People is part of the company protection process; the cyber risks cannot be reduced by just implementing technology; the human awareness of security will significantly reduce the risks, which encourage changes in staff cyber-awareness. In this paper, we will focus on Human Awareness, human needs to continue the required security education level; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target to many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect the confidential data against possible intended attacks.

Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering

Procedia PDF Downloads 127