Search results for: socially engineered attacks

Authors: Dilip Singh Sisodia, Shrish Verma

Abstract:

Spamming is the most common issue seen nowadays in the Internet especially in Online Social Networking Sites (like Facebook, Twitter, and Google+ etc.). Spam messages keep wasting Internet bandwidth and the storage space of servers. On social network sites; spammers often disguise themselves by creating fake accounts and hijacking user’s accounts for personal gains. They behave like normal user and they continue to change their spamming strategy. To prevent this, most modern spam-filtering solutions are deployed on the receiver side; they are good at filtering spam for end users. In this paper we are presenting some spamming techniques their behaviour and possible solutions. We have analyzed how Spammers enters into online social networking sites (OSNSs) and how they target it and the techniques they use for it. The five discussed techniques of spamming techniques which are clickjacking, social engineered attacks, cross site scripting, URL shortening, and drive by download. We have used elgg framework for demonstration of some of spamming threats and respective implementation of solutions.

Keywords: online social networking sites, spam, attacks, internet, clickjacking / likejacking, drive-by-download, URL shortening, networking, socially engineered attacks, elgg framework

Procedia PDF Downloads 295

Authors: Muhammad Tariq A. Chaudhary

Abstract:

The tremendous loss of life that resulted in the aftermath of recent earthquakes in developing countries is mostly due to the collapse of non-engineered and semi-engineered building structures. Such structures are used as houses, schools, primary healthcare centres and government offices. These building are classified structurally into two categories viz. non-engineered and semi-engineered. Non-engineered structures include: adobe, Unreinforced Masonry (URM) and wood buildings. Semi-engineered buildings are mostly low-rise (up to 3 story) light concrete frame structures or masonry bearing walls with reinforced concrete slab. This paper presents an overview of the typical damage observed in non-engineered structures and their most likely causes in the past earthquakes with specific emphasis on the performance of such structures in the 2005 Kashmir earthquake. It is demonstrated that seismic performance of these structures can be improved from life-safety viewpoint by adopting simple low-cost modifications to the existing construction practices. Incorporation of some of these practices in the reconstruction efforts after the 2005 Kashmir earthquake are examined in the last section for mitigating seismic risk hazard.

Keywords: Kashmir earthquake, non-engineered buildings, seismic hazard, structural details, structural strengthening

Procedia PDF Downloads 251

Authors: Amin Hamrahi, Niloofar Moghaddam

Abstract:

Denial of Service is for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Denial of Service (DoS) attacks have become a major threat to current computer networks. Many recent DoS attacks were launched via a large number of distributed attacking hosts in the Internet. These attacks are called distributed denial of service (DDoS) attacks. To have a better understanding on DoS attacks, this article provides an overview on existing DoS and DDoS attacks and major defense technologies in the Internet.

Keywords: denial of service, distributed denial of service, traffic, flooding

Procedia PDF Downloads 355

Authors: Lawrence Williams

Abstract:

As the mechanism which converts domains to internet protocol (IP) addresses, Domain Name System (DNS) is an essential part of internet usage. It was not designed securely and can be subject to attacks. DNS attacks have become more frequent and sophisticated and the need for detecting and preventing them becomes more important for the modern network. DNS tunnelling attacks are one type of attack that are primarily used for distributed denial-of-service (DDoS) attacks and data exfiltration. Discussion of different techniques to detect and prevent DNS tunneling attacks is done. The methods, models, experiments, and data for each technique are discussed. A proposal about feasibility is made. Future research on these topics is proposed.

Keywords: DNS, tunneling, exfiltration, botnet

Procedia PDF Downloads 32

Authors: Haydar Teymourlouei

Abstract:

It is important to take security measures to protect your computer information, reduce identify theft, and prevent from malicious cyber-attacks. With cyber-attacks on the continuous rise, people need to understand and learn ways to prevent from these attacks. Cyber-attack is an important factor to be considered if one is to be able to protect oneself from malicious attacks. Without proper security measures, most computer technology would hinder home users more than such technologies would help. Knowledge of how cyber-attacks operate and protective steps that can be taken to reduce chances of its occurrence are key to increasing these security measures. The purpose of this paper is to inform home users on the importance of identifying and taking preventive steps to avoid cyberattacks. Throughout this paper, many aspects of cyber-attacks will be discuss: what a cyber-attack is, the affects of cyber-attack for home users, different types of cyber-attacks, methodology to prevent such attacks; home users can take to fortify security of their computer.

Keywords: cyber-attacks, home user, prevention, security, technology

Procedia PDF Downloads 359

Authors: Bruno Vilić Belina, Jadranko Matuško

Abstract:

The rapid development of cyber-physical systems significantly influences modern control systems introducing a whole new range of applications of control systems but also putting them under new challenges to ensure their resiliency to possible cyber attacks, either in the form of data integrity attacks or deception attacks. This paper presents a model predictive approach to the control of cyber-physical systems robust to cyber attacks. We assume that a cyber attack can be modelled as an additive disturbance that acts in the measuring channel. For such a system, we designed a tube-based predictive controller based. The performance of the designed controller has been verified in Matlab/Simulink environment.

Keywords: control systems, cyber attacks, resiliency, robustness, tube based model predictive control

Procedia PDF Downloads 36

Authors: Habib Gorine, Rabia Saleh

Abstract:

Mobile Ad-Hoc Networks are the special type of wireless networks which share common security requirements with other networks such as confidentiality, integrity, authentication, and availability, which need to be addressed in order to secure data transfer through the network. Their routing protocols are vulnerable to various malicious attacks which could have a devastating consequence on data security. In this paper, three types of attacks such as selfish, gray hole, and black hole attacks have been applied to the two most important routing protocols in MANET named dynamic source routing and ad-hoc on demand distance vector in order to analyse and compare the impact of these attacks on the Network performance in terms of throughput, average delay, packet loss, and consumption of energy using NS2 simulator.

Keywords: MANET, wireless networks, routing protocols, malicious attacks, wireless networks simulation

Procedia PDF Downloads 280

Authors: Urva Maryam

Abstract:

The information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or websites, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecure web-surfing. This study allows to analyze the information retrieved from OSINT tools, i.e. theHarvester, and Maltego that can be used to send phishing attacks to individuals.

Keywords: e-mail spoofing, Maltego, OSINT, phishing, spear phishing, theHarvester

Procedia PDF Downloads 104

Authors: Lin Feng, E. Lingling, Hongchen Liu

Abstract:

In order to evaluate the effects of autologous blood vessels and nerves on vascularization. A dog model of tissue-engineered bone vascularization was established by constructing inferior alveolar neurovascular bundles through the mandibular canal. Sixteen 12-month-old healthy beagles were randomly divided into two groups (n=8). Group A retained inferior alveolar neurovascular bundles, and Group B retained inferior alveolar nerves. Bone marrow mesenchymal stem cells were injected into β-tricalcium phosphate to prepare internal tissue-engineered bone scaffold. A personalized titanium mesh was then prepared by rapid prototyping and fixed by external titanium scaffold. Two dogs in each group were sacrificed on the 30th, 45th, 60th, and 90th postoperative days respectively. The bone was visually examined, scanned by CT, and subjected to HE staining, immunohistochemical staining, vascular casting and PCR to detect the changes in osteogenesis and vascularization.The two groups had similar outcomes in regard to osteogenesis and vascularization (P>0.05) both showed remarkable regenerative capacities. The model of tissue-engineered bone vascularization is potentially applicable in clinical practice to allow satisfactory osteogenesis and vascularization.

Keywords: inferior alveolar neurovascular bundle, osteogenesis, tissue-engineered bone, vascularization

Procedia PDF Downloads 354

Authors: Urva Maryam

Abstract:

Information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or website, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate the phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecured web-surfing. This study allows to analyze information retrieved from OSINT tools i.e., the Harvester, and Maltego, that can be used to send phishing attacks to individuals.

Keywords: OSINT, phishing, spear phishing, email spoofing, the harvester, maltego

Procedia PDF Downloads 40

Authors: Hazem Munawer Al-Otum

Abstract:

In this work, an efficient watermarking technique is proposed and can be used for detecting intentional attacks in RGB color images. The proposed technique can be implemented for image authentication and exhibits high robustness against unintentional common image processing attacks. It deploys two measures to discern between intentional and unintentional attacks based on using a quantization-based technique in a modified 2D multi-pyramidal DWT transform. Simulations have shown high accuracy in detecting intentionally attacked regions while exhibiting high robustness under moderate to severe common image processing attacks.

Keywords: image authentication, copyright protection, semi-fragile watermarking, tamper detection

Procedia PDF Downloads 222

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 415

Authors: Yatin Wadhawan, Clifford Neuman, Anas Al Majali

Abstract:

In this paper, we evaluate the resilience of the smart grid system in the presence of multiple cyber-physical attacks on its distinct functional components. We discuss attack-defense scenarios and their effect on smart grid resilience. Through contingency simulations in the Network and PowerWorld Simulator, we analyze multiple cyber-physical attacks that propagate from the cyber domain to power systems and discuss how such attacks destabilize the underlying power grid. The analysis of such simulations helps system administrators develop more resilient systems and improves the response of the system in the presence of cyber-physical attacks.

Keywords: smart grid, gas pipeline, cyber- physical attack, security, resilience

Procedia PDF Downloads 278

Authors: Tun Myat Aung, Ni Ni Hla

Abstract:

This paper begins by describing basic properties of finite field and elliptic curve cryptography over prime field and binary field. Then we discuss the discrete logarithm problem for elliptic curves and its properties. We study the general common attacks on elliptic curve discrete logarithm problem such as the Baby Step, Giant Step method, Pollard’s rho method and Pohlig-Hellman method, and describe in detail experiments of these attacks over prime field and binary field. The paper finishes by describing expected running time of the attacks and suggesting strong elliptic curves that are not susceptible to these attacks.c

Keywords: discrete logarithm problem, general attacks, elliptic curve, prime field, binary field

Procedia PDF Downloads 192

Authors: Michal Kozubík, Svetlana Síthová

Abstract:

Aim: Aim of this study is to introduce the method of instrumental enrichment to people who works in the helping professions, and show further possibilities of its realization with children from socially disadvantaged backgrounds into society. Methods: We focused on Feuerstein’s Instrumental Enrichment method, its theoretical grounds and practical implementation. We carried out questionnaires and directly observed children from the disadvantaged background in Partizánske district. Results: We outlined the issues of children from disadvantaged social environment and their opportunity of social integration using the method. The findings showed the utility of Feuerstein method. Conclusions: We conclude that Feuerstein methods are very suitable for children from socially disadvantaged background and importance of social workers and special educator co-operation.

Keywords: Feuerstein, inclusion, education, socially disadvantaged background

Procedia PDF Downloads 286

Authors: Byung-Ik Kim, Hong-Koo Kang, Tae-Jin Lee, Hae-Ryong Park

Abstract:

Cyber terrors against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threat (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly affect websites and penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they recognize the APT attacks only after the latter are already in action. This paper discusses the characteristics of APT attacks at each step as well as the strengths and weaknesses of existing malicious code detection technologies to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect the enterprise or national networks.

Keywords: Advanced Persistent Threat (APT), malware, network security, network packet, exploit kits

Procedia PDF Downloads 331

Authors: Ahmet E. Osmanlioglu

Abstract:

In this study, natural bentonite was used as natural clay material and samples were taken from the Kalecik district in Ankara. In this research, bentonite is the subject of an analysis from standpoint of assessing the basic properties of engineered barriers with respect to the buffer material. Bentonite and sand mixtures were prepared for tests. Some of clay minerals give relatively higher hydraulic conductivity and lower swelling pressure. Generally, hydraulic conductivity of these type clays is lower than <10-12 m/s. The hydraulic properties of clay-sand mixtures are evaluated to design engineered barrier specifications. Hydraulic conductivities of bentonite-sand mixture were found in the range of 1.2x10-10 to 9.3x10-10 m/s. Optimum B/S mixture ratio was determined as 35% in terms of hydraulic conductivity and mechanical stability. At the second stage of this study, all samples were compacted into cylindrical shape molds (diameter: 50 mm and length: 120 mm). The strength properties of compacted mixtures were better than the compacted bentonite. In addition, the larger content of the quartz sand in the mixture has the greater thermal conductivity.

Keywords: engineered barriers, mechanical stability, clay, nuclear waste disposal

Procedia PDF Downloads 352

Authors: Ahmed Abdulla Ashlam, Atta Badii, Frederic Stahl

Abstract:

In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi,” thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method Web-App auto-generated twin data structure replication. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi" has been developed. A special login form has been developed with a special instance of data validation; this verification process secures the web application from its early stages. The system has been tested and validated, up to 99% of SQLi attacks have been prevented.

Keywords: SQL injection, attacks, web application, accuracy, database

Procedia PDF Downloads 113

Authors: Emhemed Shaklawoon, Ibrahim Althomali

Abstract:

We propose that we identify different defense mechanisms that were used before the introduction of the cloud and compare if their protection mechanisms are still valuable and to what degree. Note that in order to defend against vulnerability, we must know how this vulnerability is abused in an attack. Only then, we will be able to recognize if it is easier or harder to defend against cyber attacks.

Keywords: cloud computing, privacy, cyber attacks, defend the cloud

Procedia PDF Downloads 389

Authors: Masaya Yoshikawa, Toshiya Asai, Ryoma Matsuhisa, Yusuke Nozaki, Kensaku Asahi

Abstract:

Recently, side-channel attacks, which estimate secret keys using side-channel information such as power consumption and compromising emanations of cryptography circuits embedded in hardware, have become a serious problem. In particular, electromagnetic analysis attacks against cryptographic circuits between information processing and electromagnetic fields, which are related to secret keys in cryptography circuits, are the most threatening side-channel attacks. Therefore, it is important to evaluate tamper resistance against electromagnetic analysis attacks for cryptography circuits. The present study performs basic examination of the tamper resistance of cryptography circuits using electromagnetic analysis attacks with noise resources.

Keywords: tamper resistance, cryptographic circuit, hardware security evaluation, noise resources

Procedia PDF Downloads 461

Authors: Ngoc Tu Truong, Nuong T. Bui, Ben Rao, Ya L. Shen

Abstract:

Quorum sensing is a phenomenon present in many gram-negative bacteria that allows bacterial communication and controlled expression of a large suite of genes through quorum sensing signals - N-acyl homoserine lactones (AHLs). In order to investigate the ability of the rhlR/rhlI quorum sensing system in Pseudomonas aeruginosa to express the ß-Galactosidase reporter gene, an engineered E. coli strain EpHL02, was genetically engineered. This engineered E. coli strain EpHL02 responded to the presence of the N-butanoyl homoserine lactone and N-hexanoyl homoserine lactone to express the ß-Galactosidase reporter gene at a concentration limit of 5x10⁻⁸ M. This was also found to be comparable to AHLs extraction from Serratia marcescens H31. Moreover, we examined this ability of this engineered E. coli strain for respond of AHLs from extractions of Pseudomonas aeruginosa ATCC9027. The results demonstrated that the rhlR/rhlI quorum sensing system can express the ß-Galactosidase reporter gene by using the N-butanoyl homoserine lactone, N-hexanoyl homoserine lactone and AHLs from extractions of Serratia marcescens H31 and Pseudomonas aeruginosa ATCC9027 in the engineered E. coli strain EpHL02.

Keywords: N-butanoyl homoserine lactone, C4-HSL, N-hexanoyl homoserine lactone, C6-HSL, Pseudomonas aeruginosa, quorum sensing, Serratia marcescens, ß-galactosidase reporter gene

Procedia PDF Downloads 277

Authors: Vinicius Binotte, Guilherme Baldo, Christiane Goulart, Carlos Valadão, Eliete Caldeira, Teodiano Bastos

Abstract:

Socially assistive robotic has become increasingly active and it is present in therapies of people affected for several neurobehavioral conditions, such as Autism Spectrum Disorder (ASD). In fact, robots have played a significant role for positive interaction with children with ASD, by stimulating their social and cognitive skills. This work introduces a mobile socially-assistive robot, which was built for interaction with children with ASD, using non-linear control techniques for this interaction.

Keywords: socially assistive robotics, mobile robot, autonomous control, autism

Procedia PDF Downloads 447

Authors: Neda Seyyedi, Reza Berangi

Abstract:

Voice over IP (VOIP) network, also known as Internet telephony, is growing increasingly having occupied a large part of the communications market. With the growth of each technology, the related security issues become of particular importance. Taking advantage of this technology in different environments with numerous features put at our disposal, there arises an increasing need to address the security threats. Being IP-based and playing a signaling role in VOIP networks, Session Initiation Protocol (SIP) lets the invaders use weaknesses of the protocol to disable VOIP service. One of the most important threats is denial of service attack, a branch of which in this article we have discussed as flooding attacks. These attacks make server resources wasted and deprive it from delivering service to authorized users. Distributed denial of service attacks and attacks with a low rate can mislead many attack detection mechanisms. In this paper, we introduce a mechanism which not only detects distributed denial of service attacks and low rate attacks, but can also identify the attackers accurately. We detect and prevent flooding attacks in SIP protocol using Shannon (FDP-S), Renyi (FDP-R) and Tsallis (FDP-T) entropy. We conducted an experiment to compare the percentage of detection and rate of false alarm messages using any of the Shannon, Renyi and Tsallis entropy as a measure of disorder. Implementation results show that, according to the parametric nature of the Renyi and Tsallis entropy, by changing the parameters, different detection percentages and false alarm rates will be gained with the possibility to adjust the sensitivity of the detection mechanism.

Keywords: VOIP networks, flooding attacks, entropy, computer networks

Procedia PDF Downloads 367

Authors: Tshegofatso Rambau, Tonderai Muchenje

Abstract:

Zero-day attacks (ZDA) are increasing day by day; there are many vulnerabilities in systems and software that date back decades. Companies keep discovering vulnerabilities in their systems and software and work to release patches and updates. A zero-day vulnerability is a software fault that is not widely known and is unknown to the vendor; attackers work very quickly to exploit these vulnerabilities. These are major security threats with a high success rate because businesses lack the essential safeguards to detect and prevent them. This study focuses on the factors and techniques that can help us detect zero-day attacks. There are various methods and techniques for detecting vulnerabilities. Various companies like edges can offer penetration testing and smart vulnerability management solutions. We will undertake literature studies on zero-day attacks and detection methods, as well as modeling approaches and simulations, as part of the study process.

Keywords: zero-day attacks, exploitation, vulnerabilities

Procedia PDF Downloads 65

Authors: Jamal Wiwoho, Pujiyono, Triyanto

Abstract:

Terrorism is a real enemy for all countries, including Indonesia. Bomb attacks in some parts of Indonesia are proof that Indonesia has serious problems with terrorism. Perpetrators of terror are arrested and imprisoned, and some of them were executed. However, this method did not succeed in stopping the terrorist attacks. Former terrorists continue to carry out bomb attacks. Therefore, this paper proposes a program towards deradicalization efforts of former terrorists through entrepreneurship. This is necessary because it is impossible to change their radical ideology. The program is also motivated by understanding that terrorists generally come from poor families. This program aims to occupy their time with business activities so there is no time to plan and carry out bomb attacks. This research is an empirical law study. Data were collected by literature study, observation, and in-depth interviews. Data were analyzed with the Miles and Huberman interactive model. The results show that the entrepreneurship program is effective to prevent terrorist attack. Former terrorists are busy with their business. Therefore, they have no time to carry out bomb attacks.

Keywords: deradicalization, terrorism, terrorists, entrepreneurship

Procedia PDF Downloads 235

Authors: Nataliya Venelinova

Abstract:

The paper proposes a new interdisciplinary model of reconsidering the role of mass communication effects by coverage of terrorism. The idea of 4P model is based on the synergy, created by the information strategy of threat, predominantly used by terrorist groups, the effects of mediating the symbolic action of the terrorist attacks or the taking of responsibility of any attacks, and the reshaped public perception for security after the attacks being mass communicated. The paper defines the mass communication cycle of terrorism, which leads not only to re-agenda setting of the societies, but also spirally amplifying the effect of propagating fears by over-informing on terrorism attacks. This finally results in the outlining of the so called 4P-model of information terrorism: mass propaganda, panic, paranoia and pandemic.

Keywords: information terrorism, mass communication cycle, public perception, security

Procedia PDF Downloads 135

Authors: Noureddine Mohtaram, Jeremy Patrix, Jerome Verny

Abstract:

As an enormous number of online services have been developed into web applications, security problems based on web applications are becoming more serious now. Most intrusion detection systems rely on each request to find the cyber-attack rather than on user behavior, and these systems can only protect web applications against known vulnerabilities rather than certain zero-day attacks. In order to detect new attacks, we analyze the HTTP protocols of web servers to divide them into two categories: normal attacks and malicious attacks. On the other hand, the quality of the results obtained by deep learning (DL) in various areas of big data has given an important motivation to apply it to cybersecurity. Deep learning for attack detection in cybersecurity has the potential to be a robust tool from small transformations to new attacks due to its capability to extract more high-level features. This research aims to take a new approach, deep learning to cybersecurity, to classify these two categories to eliminate attacks and protect web servers of the defense sector which encounters different web traffic compared to other sectors (such as e-commerce, web app, etc.). The result shows that by using a machine learning method, a higher accuracy rate, and a lower false alarm detection rate can be achieved.

Keywords: anomaly detection, HTTP protocol, logs, cyber attack, deep learning

Procedia PDF Downloads 172

Authors: Godiya Atsiya Pius

Abstract:

The recent dimension of terrorist attacks and violence in West Africa and Nigeria in particular has attracted both academic and global concerns. Children, young girls and women are now victims of violent attacks and insurgency in their own country. Today, we have a reverse situation where women and children were spared during violence in the past. Empirical evidence shows that millions of children, young girls and women are caught up in violent attacks in which they are not merely spectatorial, but victims of circumstance. Some fall victims of a general onslaught against civilians by the drivers of such conflicts. Others die as part of a calculated genocide. Still others are taken as hostages as part of a deliberate attack on them. With particular reference to over 200 Chibok school girls that were abducted by the Boko Haram Islamic sect in Maiduguri, Borno state, Nigeria, this study shall attempt a theoretical exploration of the circumstances surrounding the insurgency attacks on these categories of vulnerable groups in Nigeria. This paper also intends to examine the nature, dimensions, causes, effects as well as implications of these attacks on women and children in West Africa. The paper shall sum up with conclusion and possible recommendations that could help the region in the 21st century and beyond.

Keywords: insurgency, gender, violence, security, vulnerable groups

Procedia PDF Downloads 438

Authors: Bhaumik Tyagi, Mandeep Kaur, Kanika Singla

Abstract:

The advancement of blockchain has facilitated scholars to remodel e-voting systems for future generations. Server-side attacks like SQL injection attacks and DOS attacks are the most common attacks nowadays, where malicious codes are injected into the system through user input fields by illicit users, which leads to data leakage in the worst scenarios. Besides, quantum attacks are also there which manipulate the transactional data. In order to deal with all the above-mentioned attacks, integration of blockchain, convolutional neural network (CNN), and Quantum Key Distribution is done in this very research. The utilization of blockchain technology in e-voting applications is not a novel concept. But privacy and security issues are still there in a public and private blockchains. To solve this, the use of a hybrid blockchain is done in this research. This research proposed cryptographic signatures and blockchain algorithms to validate the origin and integrity of the votes. The convolutional neural network (CNN), a normalized version of the multilayer perceptron, is also applied in the system to analyze visual descriptions upon registration in a direction to enhance the privacy of voters and the e-voting system. Quantum Key Distribution is being implemented in order to secure a blockchain-based e-voting system from quantum attacks using quantum algorithms. Implementation of e-voting blockchain D-app and providing a proposed solution for the privacy of voters in e-voting using Blockchain, CNN, and Quantum Key Distribution is done.

Keywords: hybrid blockchain, secure e-voting system, convolutional neural networks, quantum key distribution, one-time pad

Procedia PDF Downloads 48

Authors: Zhang Xingnan, Huang Jingjia, Feng Yue, Burra Venkata Durga Kumar

Abstract:

This paper proposes a comprehensive approach to mitigate ROP (Return-Oriented Programming) attacks by combining internal operating system protection mechanisms and hardware-assisted techniques. Through extensive literature review, we identify the effectiveness of ASLR (Address Space Layout Randomization) and LBR (Last Branch Record) in preventing ROP attacks. We present a process involving buffer overflow detection, hardware-assisted ROP attack detection, and the use of Turing detection technology to monitor control flow behavior. We envision a specialized tool that views and analyzes the last branch record, compares control flow with a baseline, and outputs differences in natural language. This tool offers a graphical interface, facilitating the prevention and detection of ROP attacks. The proposed approach and tool provide practical solutions for enhancing software security.

Keywords: operating system, ROP attacks, returning-oriented programming attacks, ASLR, LBR, CFI, DEP, code randomization, hardware-assisted CFI

Procedia PDF Downloads 50