Journal articles on the topic 'Dynamic attack graph'

Consult the top 50 journal articles for your research on the topic 'Dynamic attack graph.'

1

Jaiganesh, M., G. ShivajiRao, P. Dhivya, M. Udhayamoorthi, and A. Vincent Antony Kumar. "Intrusion Optimal Path Attack detection using ACO for Cloud Computing." E3S Web of Conferences 472 (2024): 02009. http://dx.doi.org/10.1051/e3sconf/202447202009.

Abstract:
As the cloud infrastructure is simultaneously shared by millions of consumers, heinous use of cloud resources is also increasing. It makes ways to attackers to set up attacks by exploiting the vulnerabilities. And obviously, these attacks are leading to severe disasters as innocent consumers are unknowingly sharing cloud resources with harmful attackers. To prevent the occurrence of cloud attacks, attack graph based framework is proposed in this paper. Here, an attack path sketches an attack scenario by a streak of threats ranging in severity rating that shows how popular a particular cloud network service is in comparison. In a dynamic cloud environment, the proposed framework can disclose an optimal attack path thereby preventing cloud attacks. In cloud system the infrastructure is shared by potentially millions of users, which benefits the attackers to exploit vulnerabilities of the cloud. An instrument for analyzing multi-stage, multi-host assault scenarios in networks is the attack graph. It might not be possible for the administrator to patch every vulnerability in a large number of assault paths in an attack graph. The administrator might not be able to fix every vulnerability. To identify the most preferred or ideal assault path from a particular attack graph in a setting Ant Colony Optimization (ACO) algorithm is used.
2

Pal, Arunangshu, and Prasenjit Choudhury. "Mitigating Black Hole Attacks in AODV Routing Protocol Using Dynamic Graph." Mapana - Journal of Sciences 11, no. 4 (August 22, 2012): 65–76. http://dx.doi.org/10.12723/mjs.23.5.

Abstract:
With the advancement of wireless technologies, Mobile Ad hoc NETwork (MANET) has been an important field of study. MANETs find useful applications in the real world, for example in military battlefield and disaster management. Since MANET is dynamic in nature, it must be represented by dynamic graph. Evolving graph, a form of dynamic graph, may be used for the purpose. When we talk about a network, a routing protocol comes into the question, and one of the most popular routing protocols is AODV. However, since AODV suffers from a drawback that it may be a victim of black hole attack, we need to find a technique to eliminate the possibility of the phenomenon. This paper makes a study of MANET and an efficient way of representing MANET by dynamic graph. It explains the AODV routing technique and the black hole attack. It then extends the idea of dynamic graph to propose a technique to solve the problem of black hole attack in AODV.
3

Sæther, Sigve Hortemo, Jan Arne Telle, and Martin Vatshelle. "Solving #SAT and MAXSAT by Dynamic Programming." Journal of Artificial Intelligence Research 54 (September 9, 2015): 59–82. http://dx.doi.org/10.1613/jair.4831.

Abstract:
We look at dynamic programming algorithms for propositional model counting, also called #SAT, and MaxSAT. Tools from graph structure theory, in particular treewidth, have been used to successfully identify tractable cases in many subfields of AI, including SAT, Constraint Satisfaction Problems (CSP), Bayesian reasoning, and planning. In this paper we attack #SAT and MaxSAT using similar, but more modern, graph structure tools. The tractable cases will include formulas whose class of incidence graphs have not only unbounded treewidth but also unbounded clique-width. We show that our algorithms extend all previous results for MaxSAT and #SAT achieved by dynamic programming along structural decompositions of the incidence graph of the input formula. We present some limited experimental results, comparing implementations of our algorithms to state-of-the-art #SAT and MaxSAT solvers, as a proof of concept that warrants further research.
4

Rajeshwari, T., and C. Thangamani. "Attack Impact Discovery and Recovery with Dynamic Bayesian Networks." Asian Journal of Computer Science and Technology 8, S1 (February 5, 2019): 74–79. http://dx.doi.org/10.51983/ajcst-2019.8.s1.1953.

Abstract:
The network attacks are discovered using the Intrusion Detection Systems (IDS). Anomaly, signature and compound attack detection schemes are employed to fetch malicious data traffic activities. The attack impact analysis operations are carried out to discover the malicious objects in the network. The system objects are contaminated with process injection or hijacking. The attack ramification model discovers the contaminated objects. The dependency networks are built to model the information flow over the objects in the network. The dependency network is a directed graph built to indicate the data communication over the objects. The attack ramification models are designed with intrusion root information. The attack ramifications are applied to identify the malicious objects and contaminated objects. The attack ramifications are discovered with the information flows from the attack sources. The Attack Ramification with Bayesian Network (ARBN) scheme discovers the attack impact without the knowledge of the intrusion root. The probabilistic reasoning approach is employed to analyze the object state for ramification process. The objects lifetime is divided into temporal slices to verify the object state changes. The system call traces and object slices are correlated to construct the Temporal Dependency Network (TDN). The Bayesian Network (BN) is constructed with the uncertain data communication activities extracted from the TDN. The attack impact is fetched with loopy belief propagation on the BN model. The network security system is built with attack impact analysis and recovery operations. Live traffic data analysis process is carried out with improved temporal slicing concepts. Attack Ramification and Recovery with Dynamic Bayesian Network (ARRDBN) is built to support attack impact analysis and recovery tasks. The unsupervised attack handling mechanism automatically discovers the feasible solution for the associated attacks.
5

Hu, Chenao, and Xuefeng Yan. "Dynamic Trilateral Game Model for Attack Graph Security Game." IOP Conference Series: Materials Science and Engineering 790 (April 7, 2020): 012112. http://dx.doi.org/10.1088/1757-899x/790/1/012112.

6

Lv, Huiying, Yuan Zhang, and Jie Wang. "Network Threat Identification and Analysis Based on a State Transition Graph." Cybernetics and Information Technologies 13, Special-Issue (December 1, 2013): 51–61. http://dx.doi.org/10.2478/cait-2013-0037.

Abstract:
With the rapid popularity of Internet and information technology, local area network is becoming insecure. Along with the improving advantages, security threats are emerging continually and bringing great pressure and challenges. An identification and analysis method for network real-time threats is proposed to accurately assess and master the current network security situation, and thereby preferably guide a dynamic defense. This method recognizes the current threats and predicts the subsequent threats by modeling attack scenarios and simulating attack state transferring. The threat identification model is called Attack State Transition Graph and Real-Time Attack State Graph, which is constructed by an Expanded Finite-State Automata. Based on the former possible threat paths, the state transitions can be illustrated and based on the latter, actually successful threats and threat paths are described. Then a threat identification algorithm is presented based on the above model. With this algorithm, various invalid threats are filtered; current valid threats are obtained by correlating the dynamic alarms with a static attack scenario. Further on, combining the Attack State Transition Graph with a Real-Time Attack State Graph, a possible next threat and a threat path can be identified and an attack target can also be predicted. Finally, the simulated results in an experimental network verify the feasibility and validity of the model and algorithm. This method provides a novel solution to evaluate and analyze the network security situation.
7

Gao, Xiang, Xue Qin Xu, and Min Wang. "Evaluating Network Security Based on Attack Graph." Advanced Materials Research 756-759 (September 2013): 2374–78. http://dx.doi.org/10.4028/www.scientific.net/amr.756-759.2374.

Abstract:
By now, Attack Graph (AG) is widely applied to the field of network security assessment. In the AG, each vertex has a value that implies the probability of the exploit and each edge represents the relationship between the exploits. In this paper we design an AG model and propose an approach which integrates the AG model with the Dynamic Bayesian Network (DBN). The approach not only strengthens the rationality of uncertain reasoning, but also provides a quantitative assessment of network security status. We evaluated the approach by experiment. The results showed that our model is rather accurate and the performance of it is competitive.
8

Lee, Dongjin, Juho Lee, and Kijung Shin. "Spear and Shield: Adversarial Attacks and Defense Methods for Model-Based Link Prediction on Continuous-Time Dynamic Graphs." Proceedings of the AAAI Conference on Artificial Intelligence 38, no. 12 (March 24, 2024): 13374–82. http://dx.doi.org/10.1609/aaai.v38i12.29239.

Abstract:
Real-world graphs are dynamic, constantly evolving with new interactions, such as financial transactions in financial networks. Temporal Graph Neural Networks (TGNNs) have been developed to effectively capture the evolving patterns in dynamic graphs. While these models have demonstrated their superiority, being widely adopted in various important fields, their vulnerabilities against adversarial attacks remain largely unexplored. In this paper, we propose T-SPEAR, a simple and effective adversarial attack method for link prediction on continuous-time dynamic graphs, focusing on investigating the vulnerabilities of TGNNs. Specifically, before the training procedure of a victim model, which is a TGNN for link prediction, we inject edge perturbations to the data that are unnoticeable in terms of the four constraints we propose, and yet effective enough to cause malfunction of the victim model. Moreover, we propose a robust training approach T-SHIELD to mitigate the impact of adversarial attacks. By using edge filtering and enforcing temporal smoothness to node embeddings, we enhance the robustness of the victim model. Our experimental study shows that T-SPEAR significantly degrades the victim model's performance on link prediction tasks, and even more, our attacks are transferable to other TGNNs, which differ from the victim model assumed by the attacker. Moreover, we demonstrate that T-SHIELD effectively filters out adversarial edges and exhibits robustness against adversarial attacks, surpassing the link prediction performance of the naive TGNN by up to 11.2% under T-SPEAR. The code and datasets are available at https://github.com/wooner49/T-spear-shield
9

Boudermine, Antoine, Rida Khatoun, and Jean-Henri Choyer. "Dynamic logic-based attack graph for risk assessment in complex computer systems." Computer Networks 228 (June 2023): 109730. http://dx.doi.org/10.1016/j.comnet.2023.109730.

10

Guo, Mingyu, Max Ward, Aneta Neumann, Frank Neumann, and Hung Nguyen. "Scalable Edge Blocking Algorithms for Defending Active Directory Style Attack Graphs." Proceedings of the AAAI Conference on Artificial Intelligence 37, no. 5 (June 26, 2023): 5649–56. http://dx.doi.org/10.1609/aaai.v37i5.25701.

Abstract:
Active Directory (AD) is the default security management system for Windows domain networks. An AD environment naturally describes an attack graph where nodes represent computers/accounts/security groups, and edges represent existing accesses/known exploits that allow the attacker to gain access from one node to another. Motivated by practical AD use cases, we study a Stackelberg game between one attacker and one defender. There are multiple entry nodes for the attacker to choose from and there is a single target (Domain Admin). Every edge has a failure rate. The attacker chooses the attack path with the maximum success rate. The defender can block a limited number of edges (i.e., revoke accesses) from a set of blockable edges, limited by budget. The defender's aim is to minimize the attacker's success rate. We exploit the tree-likeness of practical AD graphs to design scalable algorithms. We propose two novel methods that combine theoretical fixed parameter analysis and practical optimisation techniques. For graphs with small tree widths, we propose a tree decomposition based dynamic program. We then propose a general method for converting tree decomposition based dynamic programs to reinforcement learning environments, which leads to an anytime algorithm that scales better, but loses the optimality guarantee. For graphs with small numbers of non-splitting paths (a parameter we invent specifically for AD graphs), we propose a kernelization technique that significantly downsizes the model, which is then solved via mixed-integer programming. Experimentally, our algorithms scale to handle synthetic AD graphs with tens of thousands of nodes.
11

Kavallieratos, Georgios, Nabin Chowdhury, Sokratis Katsikas, Vasileios Gkioulos, and Stephen Wolthusen. "Threat Analysis for Smart Homes." Future Internet 11, no. 10 (September 25, 2019): 207. http://dx.doi.org/10.3390/fi11100207.

Abstract:
The development and deployment of highly dynamic, cyber+connected operational environments, such as smart homes, smart cities, and smart transportation systems, is increasing. The security analysis of such dynamic environments necessitates the use of dynamic risk assessment methodologies and the modeling of dynamically changing states. In this paper, we focus on the smart home environment, where the deployment of IoT devices increase the attack surface. We examine existing dynamic risk assessment methodologies, and by leveraging a smart home reference architecture we identify the security risks of a smart home’s physical and communication viewpoints, taking into consideration also dynamic operational aspects. Further, we develop a smart home network topology generator and a graph-based attack model to study dependencies among dynamically changing states and the propagation of a malware infection.
12

Bopche, Ghanshyam S., and Babu M. Mehtre. "Graph similarity metrics for assessing temporal changes in attack surface of dynamic networks." Computers & Security 64 (January 2017): 16–43. http://dx.doi.org/10.1016/j.cose.2016.09.010.

13

Alwasel, Bader, Abdulaziz Aldribi, Mohammed Alreshoodi, Ibrahim S. Alsukayti, and Mohammed Alsuhaibani. "Leveraging Graph-Based Representations to Enhance Machine Learning Performance in IIoT Network Security and Attack Detection." Applied Sciences 13, no. 13 (June 30, 2023): 7774. http://dx.doi.org/10.3390/app13137774.

Abstract:
In the dynamic and ever-evolving realm of network security, the ability to accurately identify and classify portscan attacks both inside and outside networks is of paramount importance. This study delves into the underexplored potential of fusing graph theory with machine learning models to elevate their anomaly detection capabilities in the context of industrial Internet of things (IIoT) network data analysis. We employed a comprehensive experimental approach, encompassing data preprocessing, visualization, feature analysis, and machine learning model comparison, to assess the efficacy of graph theory representation in improving classification accuracy. More specifically, we converted network traffic data into a graph-based representation, where nodes represent devices and edges represent communication instances. We then incorporated these graph features into our machine learning models. Our findings reveal that incorporating graph theory into the analysis of network data results in a modest-yet-meaningful improvement in the performance of the tested machine learning models, including logistic regression, support vector machines, and K-means clustering. These results underscore the significance of graph theory representation in bolstering the discriminative capabilities of machine learning algorithms when applied to network data.
14

Wan, Shanshan, and Ying Liu. "A security detection approach based on autonomy-oriented user sensor in social recommendation network." International Journal of Distributed Sensor Networks 18, no. 3 (March 2022): 155013292210824. http://dx.doi.org/10.1177/15501329221082415.

Abstract:
User social network-based recommender system has achieved significant performance in current recommendation fields. However, the characteristic of openness brings great hidden dangers to the security of recommender systems. Shilling attackers can change the recommendations by foraging user relationships. Most shilling attack detection approaches depend on the explicit user historical data to locate shilling attackers. Some important features such as information propagation and social feedback of users in social networks have not been noticed. We propose a security detection method based on autonomy-oriented user sensor (AOUSD) to identify shilling attackers. Specifically, (1) the user is simulated as a social sensor with autonomous capabilities, (2) the user interaction model is built based on information propagation, information feedback and information disappearance mechanisms of social sensors, and a user dynamic knowledge graph is formed by considering the variable time function, (3) hierarchical clustering method is used to generate preliminary suspicious candidate groups and graph community detection clustering method is applied on the dynamic knowledge graph to detect the attackers. Then, AOUSD is first simulated on NetLogo and it is compared with other algorithms based on the Amazon data. The results prove the advantages of AOUSD in the efficiency and accuracy on shilling attack detection.
15

Shahpasand, Maryam, Mehdi Shajari, Seyed Alireza Hashemi Golpaygani, and Hoda Ghavamipoor. "A comprehensive security control selection model for inter-dependent organizational assets structure." Information & Computer Security 23, no. 2 (June 8, 2015): 218–42. http://dx.doi.org/10.1108/ics-12-2013-0090.

Abstract:
Purpose – This paper aims to propose a comprehensive model to find out the most preventive subset of security controls against potential security attacks inside the limited budget. Deploying the appropriate collection of information security controls, especially in information system-dependent organizations, ensures their businesses' continuity alongside with their effectiveness and efficiency. Design/methodology/approach – Impacts of security attacks are measured based on interdependent asset structure. Regarding this objective, the asset operational dependency graph is mapped to the security attack graph to assess the risks of attacks. This mapping enables us to measure the effectiveness of security controls against attacks. The most effective subset is found by mapping its features (cost and effectiveness) to items’ features in a binary knapsack problem, and then solving the problem by a modified version of the classic dynamic programming algorithm. Findings – Exact solutions are achieved using the dynamic programming algorithm approach in the proposed model. Optimal security control subset is selected based on its implementation cost, its effectiveness and the limited budget. Research limitations/implications – Estimation of control effectiveness is the most significant limitation of the proposed model utilization. This is caused by lack of experience in risk management in organizations, which forces them to rely on reports and simulation results. Originality/value – So far, cost-benefit approaches in security investments are followed only based on vulnerability assessment results. Moreover, dependency weights and types in interdependent structure of assets have been taken into account by a limited number of models. In the proposed model, a three-dimensional graph is used to capture the dependencies in risk assessment and optimal control subset selection, through a holistic approach.
16

Sen, Saurabh Kumar, and Anuradha Deolase. "Analyse Cyberattack at Organizations using Logistic Regression Algorithm." International Journal for Research in Applied Science and Engineering Technology 10, no. 3 (March 31, 2022): 518–25. http://dx.doi.org/10.22214/ijraset.2022.40663.

Abstract:
Ransomware cyberattacks have grown in severity, effectiveness to cause damage, and ease of execution during the last decade. Advanced ransomware detection technologies must be included with traditional anti-malware procedures. The results of a study and analysis of ransomware attack risk are presented in this work, with the goal of identifying the characteristics that separate ransomware from other malware and benign executable files with the help of detected logs. The ransomware's normal behaviour and structure are determined by statically and dynamically analysing the executable binaries. Ransomware-specific features are extracted from executable files using dynamic and static analysis techniques. This study shows that graph representation of attacks with a collection of datasets for malware detection improves when using machine learning techniques. Keywords: Ransomware, Malware Detection, Static Analysis, Dynamic Analysis, Anti-malware, Machine learning etc.
17

Kholidy, Hisham A. "Multi-Layer Attack Graph Analysis in the 5G Edge Network Using a Dynamic Hexagonal Fuzzy Method." Sensors 22, no. 1 (December 21, 2021): 9. http://dx.doi.org/10.3390/s22010009.

Abstract:
Overall, 5G networks are expected to become the backbone of many critical IT applications. With 5G, new tech advancements and innovation are expected; 5G currently operates on software-defined networking. This enables 5G to implement network slicing to meet the unique requirements of every application. As a result, 5G is more flexible and scalable than 4G LTE and previous generations. To avoid the growing risks of hacking, 5G cybersecurity needs some significant improvements. Some security concerns involve the network itself, while others focus on the devices connected to 5G. Both aspects present a risk to consumers, governments, and businesses alike. There is currently no real-time vulnerability assessment framework that specifically addresses 5G Edge networks, with regard to their real-time scalability and dynamic nature. This paper studies the vulnerability assessment in the 5G networks and develops an optimized dynamic method that integrates the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) with the hexagonal fuzzy numbers to accurately analyze the vulnerabilities in 5G networks. The proposed method considers both the vulnerability and 5G network dynamic factors such as latency and accessibility to find the potential attack graph paths where the attack might propagate in the network and quantifies the attack cost and security level of the network. We test and validate the proposed method using our 5G testbed and we compare the optimized method to the classical TOPSIS and the known vulnerability scanner tool, Nessus.
18

Kim, Jiyeon, and Hyong S. Kim. "Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks." Electronics 9, no. 3 (March 9, 2020): 460. http://dx.doi.org/10.3390/electronics9030460.

Abstract:
As attack techniques become more sophisticated, detecting new and advanced cyberattacks with traditional intrusion detection techniques based on signature and anomaly is becoming challenging. In signature-based detection, not only do attackers bypass known signatures, but they also exploit unknown vulnerabilities. As the number of new signatures is increasing daily, it is also challenging to scale the detection mechanisms without impacting performance. For anomaly detection, defining normal behaviors is challenging due to today’s complex applications with dynamic features. These complex and dynamic characteristics cause much false positives with a simple outlier detection. In this work, we detect intrusion behaviors by looking at number of computing elements together in time and space, whereas most of existing intrusion detection systems focus on a single element. In order to define the spatiotemporal intrusion patterns, we look at fundamental behaviors of cyberattacks that should appear in any possible attacks. We define these individual behaviors as basic cyberattack action (BCA) and develop a stochastic graph model to represent combination of BCAs in time and space. In addition, we build an intrusion detection system to demonstrate the detection mechanism based on the graph model. We inject numerous known and possible unknown attacks comprising BCAs and show how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns. The characterization of attacks in spatiotemporal patterns with expected essential behaviors would present a new effective approach to the intrusion detection.
19

Gao, Yazhuo, Guomin Zhang, and Changyou Xing. "A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction." Security and Communication Networks 2021 (October 21, 2021): 1–15. http://dx.doi.org/10.1155/2021/6378218.

Abstract:
As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.
20

Hu, Hao, Hongqi Zhang, Yuling Liu, and Yongwei Wang. "Quantitative Method for Network Security Situation Based on Attack Prediction." Security and Communication Networks 2017 (2017): 1–19. http://dx.doi.org/10.1155/2017/3407642.

Abstract:
Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS) metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.
21

Qiang, Weizhong, Shizhen Wang, Hai Jin, and Jiangying Zhong. "Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS." Security and Communication Networks 2018 (October 17, 2018): 1–11. http://dx.doi.org/10.1155/2018/3130652.

Abstract:
A cyber-physical system (CPS) is known as a mix system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and reusing existing code may also be threats to CPS. Various defense techniques are proposed in recent years as countermeasures to emerging code reuse attacks. However, they may fail to fulfill the security requirement well because they cannot protect the indirect function calls properly when it comes to dynamic code reuse attacks aiming at forward edges of control-flow graph (CFG). In this paper, we propose P-CFI, a fine-grained control-flow integrity (CFI) method, to protect CPS against memory-related attacks. We use points-to analysis to construct the legitimate target set for every indirect call site and check whether the target of the indirect call site is in the legitimate target set at runtime. We implement a prototype of P-CFI on LLVM and evaluate both its functionality and performance. Security analysis proves that P-CFI can mitigate the dynamic code reuse attack based on forward edges of CFG. Performance evaluation shows that P-CFI can protect CPS from dynamic code reuse attacks with trivial time overhead between 0.1% and 3.5% (Copyright © 2018 John Wiley & Sons, Ltd.).
22

Qin, Zhi-Quan, Hong-Zuo Xu, Xing-Kong Ma, and Yong-Jun Wang. "Interaction Context-Aware Network Behavior Anomaly Detection for Discovering Unknown Attacks." Security and Communication Networks 2022 (April 11, 2022): 1–24. http://dx.doi.org/10.1155/2022/3595304.

Abstract:
Network behavior anomaly detection is an effective approach to discover unknown attacks, where generating high-efficacy network behavior representation is one of the most crucial parts. Nowadays, complicated network environments and advancing attack techniques make it more challenging. Existing methods cannot yield satisfied representations that express the semantics of network behaviors comprehensively. To tackle this problem, we propose XNBAD, a novel unsupervised network behavior anomaly detection framework, in this work. It integrates the timely high-order host states under the dynamic interaction context with the conversation patterns between hosts for behavior representation. High-order states can better summarize latent interaction patterns, but they are hard to be obtained directly. Therefore, XNBAD utilizes a graph neural network (GNN) to automatically generate high-order features from series of extracted base ones. We evaluated the detection performance of XNBAD in a publicly available benchmark dataset ISCX-2012. To report detailed and precise experimental results, we carefully refined the dataset before evaluation. The results show that XNBAD discovered various attack behaviors more effectively, and it significantly outperformed the existing representative methods by at least 3.8 % relative improvement in terms of the overall weighted AUC.
23

Turnip, Togu Novriansyah, William Suarez Lumbantobing, David Christian Sitorus, and Friska Laurenzia Sianturi. "Software Watermarking Dinamis dengan Algoritme Collberg-Thomborson Dan Parent Pointer Graf pada Aplikasi Android." Jurnal Teknologi Informasi dan Ilmu Komputer 8, no. 4 (July 22, 2021): 831. http://dx.doi.org/10.25126/jtiik.2021844500.

Abstract:
Smartphones are common tools in people's daily lives. The most widely used smartphone operating system is Android. Android applications can be obtained not only from the Play Store but can also be found freely on websites on the internet. Android applications are therefore vulnerable to piracy. Software watermarking is a common method used to counter software piracy by inserting identifying information into a program. The purpose of software watermarking is to prove ownership of a program. One watermarking technique is dynamic watermarking, which generates the watermark when the program is executed. Dynamic Graph Watermarking (DGW) is one software watermarking method. To embed the watermark, this method uses a graph structure built from a graph enumeration. One DGW algorithm is the Collberg-Thomborson (CT) algorithm, which uses code that forms the watermark at program run time. An application is watermarked using the CT algorithm and Parent Pointer Graph (PPG) enumeration. To embed the watermark in an Android application, a Java library was built, along with a desktop-based simulator to extract the watermark. The test results show that PPG can be used as the enumeration in the DGW method and is highly robust against distortive attacks, but not against subtractive and additive attacks. The study also found that watermarking increases the size of the Android apk but does not increase the application's memory and processor usage.
24

Wang, Chundong, Zheli Liu, and Tong Zhao. "An activity theory model for dynamic evolution of attack graph based on improved least square genetic algorithm." International Journal of Information and Computer Security 12, no. 4 (2020): 397. http://dx.doi.org/10.1504/ijics.2020.10028756.

25

Wang, Chundong, Tong Zhao, and Zheli Liu. "An activity theory model for dynamic evolution of attack graph based on improved least square genetic algorithm." International Journal of Information and Computer Security 12, no. 4 (2020): 397. http://dx.doi.org/10.1504/ijics.2020.107448.

26

Song, Xuyan, Chen Chen, Baojiang Cui, and Junsong Fu. "Malicious JavaScript Detection Based on Bidirectional LSTM Model." Applied Sciences 10, no. 10 (May 16, 2020): 3440. http://dx.doi.org/10.3390/app10103440.

Abstract:
JavaScript has been widely used on the Internet because of its powerful features, and almost all the websites use it to provide dynamic functions. However, these dynamic natures also carry potential risks. The authors of the malicious scripts started using JavaScript to launch various attacks, such as Cross-Site Scripting (XSS), Cross-site Request Forgery (CSRF), and drive-by download attack. Traditional malicious script detection relies on expert knowledge, but even for experts, this is an error-prone task. To solve this problem, many learning-based methods for malicious JavaScript detection are being explored. In this paper, we propose a novel deep learning-based method for malicious JavaScript detection. In order to extract semantic information from JavaScript programs, we construct the Program Dependency Graph (PDG) and generate semantic slices, which preserve rich semantic information and are easy to transform into vectors. Then, a malicious JavaScript detection model based on the Bidirectional Long Short-Term Memory (BLSTM) neural network is proposed. Experimental results show that, in comparison with the other five methods, our model achieved the best performance, with an accuracy of 97.71% and an F1-score of 98.29%.
27

Heigl, Michael, Enrico Weigelt, Andreas Urmann, Dalibor Fiala, and Martin Schramm. "Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data." Electronics 10, no. 17 (September 4, 2021): 2160. http://dx.doi.org/10.3390/electronics10172160.

Abstract:
Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE-CIC-IDS2018 datasets. 
Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05% similarity between the FTP and SSH Patator attack.
28

Craandijk, Dennis, and Floris Bex. "Enforcement Heuristics for Argumentation with Deep Reinforcement Learning." Proceedings of the AAAI Conference on Artificial Intelligence 36, no. 5 (June 28, 2022): 5573–81. http://dx.doi.org/10.1609/aaai.v36i5.20497.

Abstract:
In this paper, we present a learning-based approach to the symbolic reasoning problem of dynamic argumentation, where the knowledge about attacks between arguments is incomplete or evolving. Specifically, we employ deep reinforcement learning to learn which attack relations between arguments should be added or deleted in order to enforce the acceptability of (a set of) arguments. We show that our Graph Neural Network (GNN) architecture EGNN can learn a near optimal enforcement heuristic for all common argument-fixed enforcement problems, including problems for which no other (symbolic) solvers exist. We demonstrate that EGNN outperforms other GNN baselines and on enforcement problems with high computational complexity performs better than state-of-the-art symbolic solvers with respect to efficiency. Thus, we show our neuro-symbolic approach is able to learn heuristics without the expert knowledge of a human designer and offers a valid alternative to symbolic solvers. We publish our code at https://github.com/DennisCraandijk/DL-Abstract-Argumentation.
29

Xu, Hanyi, Guozhen Cheng, Xiaohan Yang, Wenyan Liu, Dacheng Zhou, and Wei Guo. "Multi-Dimensional Moving Target Defense Method Based on Adaptive Simulated Annealing Genetic Algorithm." Electronics 13, no. 3 (January 24, 2024): 487. http://dx.doi.org/10.3390/electronics13030487.

Abstract:
Due to the fine-grained splitting of microservices and frequent communication between microservices, the exposed attack surface of microservices has exploded, facilitating the lateral movement of attackers between microservices. To solve this problem, a multi-dimensional moving target defense method based on an adaptive simulated annealing genetic algorithm (MD2RS) is proposed. Firstly, according to the characteristics of microservices in the cloud, a microservice attack graph is proposed to quantify the attack scenario of microservices in the cloud so as to conveniently and intuitively observe the vulnerability of microservices in the cloud and the dependency relationship between microservices. Secondly, the security gain and resource cost are quantified for the key nodes selected by measuring the degree of dependence of each node according to the degree centrality. Finally, the Adaptive Simulated Annealing Genetic Algorithm (ASAGA) is used to solve the optimal security configuration information of the moving target defense, that is, the combination of the number of copies of the multi-copy deployment and the rotation cycle of the dynamic rotation of microservices, in order to quickly evaluate the security risks of microservices and optimize the security policy. Experiments show that the defense return rate of MD2RS is 85.95% higher than that of the mainstream methods, and the experimental results are conducive to applying this method to the dynamic defense of microservices in the cloud.
30

Аверьянов, В. С., and И. Н. Карцан. "ASSESSMENT OF THE SECURITY OF CYBER-PHYSICAL SYSTEMS BASED ON A GENERAL GRAPH." Южно-Сибирский научный вестник, no. 1(41) (February 28, 2022): 30–35. http://dx.doi.org/10.25699/sssb.2022.41.1.013.

Abstract:
The dynamic development of the IT industry, the increasing automation and technological sophistication of business processes, the growing number of organizations adopting cloud infrastructure, and widespread digitalization create a favorable environment for scaling hacker attacks in the field of cybersecurity. The vectors of targeted attacks are social engineering, unskilled users of digital services, and exploitation of vulnerabilities in core systems and the supporting infrastructure. Timely response to, localization and detection of cyber incidents are pressing issues that require time and financial expenditure. To minimize the risk of losing a company's critical assets, it is necessary to build effective organizational and technical measures and to adapt continuously to the threat landscape and to changes in the protected object. Measures to prevent intrusions into the protected system depend directly on how accurately vulnerable points are identified and on the introduction of new monitoring and countermeasure tools. This study considers a method for assessing the security of cyber-physical systems based on a directed attack graph. The authors propose an algorithm for determining sequences of vertices, finding the maximum number of transitions and identifying possible connections between them. Security metrics and attack vectors are described, and five groups of hazard categories for new and existing vulnerabilities are defined in accordance with the current version, CVSS 3.1. The risks of potential losses of information assets in the event of fatal information security threats are assessed. Special attention is paid to improving systems for monitoring and detecting intrusions into protected informatization objects.
31

Ustun, Taha Selim, and Saqib Ayyubi. "Automated Network Topology Extraction Based on Graph Theory for Distributed Microgrid Protection in Dynamic Power Systems." Electronics 8, no. 6 (June 10, 2019): 655. http://dx.doi.org/10.3390/electronics8060655.

Abstract:
Unlike conventional grids, microgrids may utilize different connections and the overall topology can be variable. Considering this, it is required to develop a new protection concept/scheme for safe operation. Maintaining proper selective operation of the relays in these dynamic microgrid structures is a challenge itself. This requires monitoring the connections and updating time delays of the relays which will ensure the desired hierarchy in the system. In this paper, a novel approach has been taken where electrical networks are modeled according to graph theory. Smart algorithms, such as network graph discovery, local manager selection, and protection coordination strategy, are run to automatically detect topology changes and ensure proper protection operation. Furthermore, distributed nature of this method mitigates the risks associated with central controller-based schemes. The developed method is applicable to all power system operations, and it poses a unique implementation in postdisaster recovery. After a disaster or terror attack, this self-diagnosis, self-healing system can identify healthy sections and run them as a standalone system until the relief arrives. The ability of the protection system to be run as a distributed control makes sure that any healthy part of the system can be restructured and utilized, without the dependency, on any central controller or connection.
32

Zhang, Quan, Chijin Zhou, Yiwen Xu, Zijing Yin, Mingzhe Wang, Zhuo Su, Chengnian Sun, Yu Jiang, and Jiaguang Sun. "Building Dynamic System Call Sandbox with Partial Order Analysis." Proceedings of the ACM on Programming Languages 7, OOPSLA2 (October 16, 2023): 1253–80. http://dx.doi.org/10.1145/3622842.

Abstract:
Attack surface reduction is a security technique that secures the operating system by removing the unnecessary code or features of a program. By restricting the system calls that programs can use, the system call sandbox is able to reduce the exposed attack surface of the operating system and prevent attackers from damaging it through vulnerable programs. Ideally, programs should only retain access to system calls they require for normal execution. Many researchers focus on adopting static analysis to automatically restrict the system calls for each program. However, these methods do not adjust the restriction policy along with program execution. Thus, they need to permit all system calls required for program functionalities. We observe that some system calls, especially security-sensitive ones, are used a few times in certain stages of a program’s execution and then never used again. This motivates us to minimize the set of required system calls dynamically. In this paper, we propose , which gradually disables access to unnecessary system calls throughout the program’s execution. To accomplish this, we utilize partial order analysis to transform the program into a partially ordered graph, which enables efficient identification of the necessary system calls at any given point during program execution. Once a system call is no longer required by the program, can restrict it immediately. To evaluate , we applied it to seven widely-used programs with an average of 615 KLOC, including web servers and databases. With partial order analysis, restricts an average of 23.50, 16.86, and 15.89 more system calls than the state-of-the-art Chestnut, Temporal Specialization, and the configuration-aware sandbox, C2C, respectively. For mitigating malicious exploitations, on average, defeats 83.42% of 1726 exploitation payloads with only a 5.07% overhead.
33

Inibhunu, Catherine, and Scott Langevin. "Adaptive Visualization of Complex Networks with FocalPoint." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 60, no. 1 (September 2016): 233–37. http://dx.doi.org/10.1177/1541931213601052.

Abstract:
Maintaining situational awareness of a dynamic global computer network that consists of ten to hundreds of thousands of computers is a complex task for cyber administrators and operators looking to understand, plan and conduct operations in real time. Currently, cyber specialists must manually navigate complex networks by continuous cycles of overviews, drilldowns and manually mapping network incidents to mission impact. This is inefficient as manually maneuvering of network data is laborious, induces cognitive overload, and is prone to errors caused by distractive information resulting in important information and impacts not being seen. We are investigating “FocalPoint” an adaptive level of detail (LOD) recommender system tailored for hierarchical network information structures. FocalPoint reasons about contextual information associated with the network, user task, and user cognitive load to tune the presentation of network visualization displays to improve user performance in perception, comprehension and projection of current situational awareness. Our system is applied to two complex information constructs important to dynamic cyber network operations: network maps and attack graphs. The key innovations include: (a) context-aware automatic tailoring of complex network views, (b) multi-resolution hierarchical graph aggregation, (c) incorporation of new computational models for adaptive-decision making on user tasks, cost/benefit utility and human situation awareness, and (d) user interaction techniques to integrate recommendations into the network viewing system. Our aim is to have a direct impact on planning and operations management for complex networks by; overcoming information overload, preventing tunnel vision, reducing cognitive load, and increasing time available to focus on optimum level of details of the global network space and missions.
34

Cheng, Xiao Han, Shan Ming Luo, Xue Feng Chang, and Dan Xie. "Numerical Analysis of an External Flow-Field around a Formula SAE Car Body Based on FLUENT." Advanced Materials Research 1039 (October 2014): 17–24. http://dx.doi.org/10.4028/www.scientific.net/amr.1039.17.

Abstract:
This paper proposed a method to analyze an external flow-field around a Formula SAE car. Firstly, the body of Formula SAE car was designed conforming to the FSAE rules using CATIA. Then, the model of the external flow-field around the vehicle was established using computational fluid dynamic technology. A comparative analysis of the aerodynamic characteristics was made for the body between the conditions of being without the wing package and being with the wing package under different attack angle to get the static pressure graph, the lift force and the drag force then worked out the drag coefficient and confirmed which is the most suitable angle for the wings. The results showed that: the static pressure of the front body, the front part of the tires and the driver’s chest and head is the highest; the body has good streamline since its drag coefficient is 0.385; the rear wings can supply 65% downforce, when the attack angle of the rear wing is set to 8°. Finally, the real mold was fabricated according to the above 3D model and the analysis results. The method presented in this paper can provide theoretical basis and technical parameter for the aerodynamic formation designing and amelioration of the Formula SAE cars. Also it has guiding significance for the design and aerodynamic analysis of the Ordinary Passenger car.
35

Mannarini, Gianandrea, Mario Leonardo Salinas, Lorenzo Carelli, Nicola Petacco, and Josip Orović. "VISIR-2: ship weather routing in Python." Geoscientific Model Development 17, no. 10 (May 24, 2024): 4355–82. http://dx.doi.org/10.5194/gmd-17-4355-2024.

Full text
APA, Harvard, Vancouver, ISO, and other styles
Abstract:
Ship weather routing, which involves suggesting low-emission routes, holds potential for contributing to the decarbonisation of maritime transport. However, including because of a lack of readily deployable open-source and open-language computational models, its quantitative impact has been explored only to a limited extent. As a response, the graph-search VISIR (discoVerIng Safe and effIcient Routes) model has been refactored in Python, incorporating novel features. For motor vessels, the angle of attack of waves has been considered, while for sailboats the combined effects of wind and sea currents are now accounted for. The velocity composition with currents has been refined, now encompassing leeway as well. Provided that the performance curve is available, no restrictions are imposed on the vessel type. A cartographic projection has been introduced. The graph edges are quickly screened for coast intersection via a K-dimensional tree. A least-CO2 algorithm in the presence of dynamic graph edge weights has been implemented and validated, proving a quasi-linear computational performance. The software suite's modularity has been significantly improved, alongside a thorough validation against various benchmarks. For the visualisation of the dynamic environmental fields along the route, isochrone-bounded sectors have been introduced. The resulting VISIR-2 model has been employed in numerical experiments within the Mediterranean Sea for the entirety of 2022, utilising meteo-oceanographic analysis fields. For a 125 m long ferry, the percentage saving of overall CO2 expenditure follows a bi-exponential distribution. Routes with a carbon dioxide saving of at least 2 % with respect to the least-distance route were found for prevailing beam or head seas. Two-digit savings, up to 49 %, were possible for about 10 d in a year. In the case of an 11 m sailboat, time savings increased with the extent of path elongation, particularly during upwind sailing. 
The sailboat's routes were made approximately 2.4 % faster due to optimisation, with the potential for an additional 0.8 % in savings by factoring in currents. VISIR-2 serves as an integrative model, uniting expertise from meteorology, oceanography, ocean engineering, and computer science, to evaluate the influence of ship routing on decarbonisation efforts within the shipping industry.
36

Jayanthi Rao, Et al. "Intelligent Traffic Monitoring System Using Vehicular Ad Hoc Network." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 10 (November 2, 2023): 629–35. http://dx.doi.org/10.17762/ijritcc.v11i10.8557.

Abstract:
The growing significance of road safety and human engagement in transport has emerged as a matter of national concern, exerting a profound impact on the lives of individuals. Many road accidents and crashes failed to ensure human life safety. As a result, the traffic management system must maintain the balance in accordance with the maximum road limits. Vehicles with sensors and automated self-driving capabilities are now available, such as Tesla and others. The proposed system is based on a technique known as Intervention linear minimum spanning tree (ILMST), which employs a topology with lengths that are proportionally equal. When using dynamic topology, there is packet loss during a change of location or a continuous update in networking via vehicle movement from one location to another. In this manner, each node computes the weighted nodes with a number of partitions in order to provide a linear time update. This reduces the number of connected edges in the graph that are repeated. When the size of the repeated graphs that relate the GPS route from the maps is reduced, traffic updates avoid recursion and provide the best routes for customers. Traffic congestion overhead can be reduced by implementing the proposed methodology. It is possible to avoid it where there are traffic signals and all other sensor-based wireless devices in a vehicular Ad Hoc Network (VANET). The safety measures are also a necessary step based on the communications in routing and other protocols. The system, when combined with a neural network-based positioning system (NNPS) with various perceptrons, can maintain vehicle speed and categorize safety threats such as group classification. A solution can be found by repairing the DDoS attack based on the results of the various aspects that provide output for malicious monitoring.
37

Zhuang, Jun, and Mohammad Al Hasan. "Defending Graph Convolutional Networks against Dynamic Graph Perturbations via Bayesian Self-Supervision." Proceedings of the AAAI Conference on Artificial Intelligence 36, no. 4 (June 28, 2022): 4405–13. http://dx.doi.org/10.1609/aaai.v36i4.20362.

Abstract:
In recent years, plentiful evidence illustrates that Graph Convolutional Networks (GCNs) achieve extraordinary accomplishments on the node classification task. However, GCNs may be vulnerable to adversarial attacks on label-scarce dynamic graphs. Many existing works aim to strengthen the robustness of GCNs; for instance, adversarial training is used to shield GCNs against malicious perturbations. However, these works fail on dynamic graphs for which label scarcity is a pressing issue. To overcome label scarcity, self-training attempts to iteratively assign pseudo-labels to highly confident unlabeled nodes but such attempts may suffer serious degradation under dynamic graph perturbations. In this paper, we generalize noisy supervision as a kind of self-supervised learning method and then propose a novel Bayesian self-supervision model, namely GraphSS, to address the issue. Extensive experiments demonstrate that GraphSS can not only affirmatively alert the perturbations on dynamic graphs but also effectively recover the prediction of a node classifier when the graph is under such perturbations. These two advantages prove to be generalized over three classic GCNs across five public graph datasets.
38

Onyshchenko, Svitlana, Alina Yanko, Alina Hlushko, and Polina Sabelnikova. "Assessment of information protection level against unauthorized access." ScienceRise, no. 2 (April 30, 2023): 36–44. http://dx.doi.org/10.21303/2313-8416.2023.003211.

Abstract:
The object of research. The study considers an effective method of assessing the information protection level in a computer network against unauthorized access based on the security graph. Investigated problem. Existing approaches to assessing the information protection level against unauthorized access have certain shortcomings: the real structure of computer networks is not taken into account, losses from unauthorized access are estimated in a monetary unit, which may not always be appropriate, the variability of modern cyber-attack scenarios and dynamic characteristics are not fully taken into account. The main scientific results. The results of the study showed that the proposed method of assessing the information protection level against unauthorized access in computer networks based on the security graph allows for a more accurate description of information resources due to their characteristic vulnerabilities. Based on the calculations of the security indicators of individual resources and the security of all information in the computer network, the ranking of risks and, accordingly, information resources according to the degree of criticality for the organization's activities is carried out. Recommendations have been developed to ensure the necessary information protection level against unauthorized access in the computer network. The area of practical use of research results. The results of the research can be used in practice in corporate computer networks of any organizations, since the proposed method for assessing the information protection level against unauthorized access is easily adapted to the specific needs of the organization, taking into account the specifics of its activities and business. Innovative technological product. The results of the study created an innovative strategy for assessing the information protection level against unauthorized access, which increases the control of information security and the compliance of computer networks with existing eligibility criteria. Scope of the innovative technological product. The results of the research and the created innovative strategies relate to the information security of computer networks of any organizations.
39

Manoharan, J. Samuel. "Design of an Intelligent Approach on Capsule Networks to Detect Forged Images." September 2021 3, no. 3 (October 2, 2021): 205–21. http://dx.doi.org/10.36548/jtcsst.2021.3.004.

Abstract:
Forgeries have recently become more prevalent in the society as a result of recent improvements in media generation technologies. In real-time, modern technology allows for the creation of a forged version of a single image obtained from a social network. Forgery detection algorithms have been created for a variety of areas; however they quickly become obsolete as new attack types exist. This paper presents a unique image forgery detection strategy based on deep learning algorithms. The proposed approach employs a convolutional neural network (CNN) to produce histogram representations from input RGB color images, which are then utilized to detect image forgeries. With the image separation method and copy-move detection applications in mind, the proposed CNN is combined with an intelligent approach and histogram mapping. It is used to detect fake or true images at the initial stage of our proposed work. Besides, it is specially designed for performing feature extraction in image layer separation with the help of CNN model. To capture both geographical and histogram information and the likelihood of presence at the same time, we use vectors in our dynamic capsule networks to detect the forgery kernels from reference images. The proposed research work integrates the intelligence with a feature engineering approach in an efficient manner. They are well-known and efficient in the identification of forged images. The performance metrics such as accuracy, recall, precision, and half total error rate (HTER) are computed and tabulated with the graph plot.
40

Fang, Zhu, and Zhengquan Xu. "Dynamic Random Graph Protection Scheme Based on Chaos and Cryptographic Random Mapping." Information 13, no. 11 (November 14, 2022): 537. http://dx.doi.org/10.3390/info13110537.

Abstract:
Advances in network technology have enhanced the concern for network security issues. In order to address the problem that hopping graphs are vulnerable to external attacks (e.g., the changing rules of fixed graphs are more easily grasped by attackers) and the challenge of achieving both interactivity and randomness in a network environment, this paper proposed a scheme for a dynamic graph based on chaos and cryptographic random mapping. The scheme allows hopping nodes to compute and obtain dynamically random and uncorrelated graph of other nodes independently of each other without additional interaction after the computational process of synchronous mirroring. We first iterate through the chaos algorithm to generate random seed parameters, which are used as input parameters for the encryption algorithm; secondly, we execute the encryption algorithm to generate a ciphertext of a specified length, which is converted into a fixed point number; and finally, the fixed point number is mapped to the network parameters corresponding to each node. The hopping nodes are independently updated with the same hopping map at each hopping period, and the configuration of their own network parameters is updated, so that the updated graph can effectively prevent external attacks. Finally, we have carried out simulation experiments and related tests on the proposed scheme and demonstrated that the performance requirements of the random graphs can be satisfied in both general and extreme cases.
41

Zhang, Shuqin, Shijie Wang, Guangyao Bai, Minzhi Zhang, Peng Chen, Chunxia Zhao, Shuhan Li, and Jiehan Zhou. "Design of Threat Response Modeling Language for Attacker Profile Based on Probability Distribution." Wireless Communications and Mobile Computing 2022 (June 16, 2022): 1–16. http://dx.doi.org/10.1155/2022/2323228.

Abstract:
Threat modeling and simulation (TMS) was aimed at dynamically capturing the features of attacks, which is a challenging job in complex Industrial Internet of Things (IIoT) control systems due to the complicated relationships among attacks. Recently, Meta Attack Language (MAL) showed its powerful TMS capabilities for representing complex attacks. However, existing methods pay less attention to the impact of changes in threat profiles on the simulation of key attack techniques. This paper proposes a novel method called threat response modeling language (TRMLang) for threat modeling and simulation in complex IIoT attacks. TRMLang obtains attacker information through an automated analysis of cyber threat intelligence (CTI) to build dynamic attacker profiles. Furthermore, it merges attacker features and probabilistic attack graphs in the simulation to improve TMS performance. The experimental results demonstrate that TRMLang can represent and evaluate the security conditions of IIoT control systems with two attack cases by Lazarus Group on SEGRID smart grids.
42

Kalinin, Maxim, Evgenii Zavadskii, and Alexey Busygin. "A Graph-Based Technique for Securing the Distributed Cyber-Physical System Infrastructure." Sensors 23, no. 21 (October 26, 2023): 8724. http://dx.doi.org/10.3390/s23218724.

Abstract:
Spreading digitalization, flexibility, and autonomy of technological processes in cyber-physical systems entails high security risks corresponding to negative consequences of the destructive actions of adversaries. The paper proposes a comprehensive technique that represents a distributed functional cyber-physical system’s infrastructure as graphs: a functional dependencies graph and a potential attacks graph. Graph-based representation allows us to provide dynamic detection of the multiple compromised nodes in the functional infrastructure and adapt it to rolling intrusions. The experimental modeling with the proposed technique has demonstrated its effectiveness in the use cases of advanced persistent threats and ransomware.
43

Nguyen, Thanh H., Mason Wright, Michael P. Wellman, and Satinder Singh. "Multistage Attack Graph Security Games: Heuristic Strategies, with Empirical Game-Theoretic Analysis." Security and Communication Networks 2018 (December 13, 2018): 1–28. http://dx.doi.org/10.1155/2018/2864873.

Abstract:
We study the problem of allocating limited security countermeasures to protect network data from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multistage interactions between a network administrator and cybercriminals, formulated as a security game. This formulation is capable of representing security environments with significant dynamics and uncertainty and very large strategy spaces. We propose parameterized heuristic strategies for the attacker and defender and provide detailed analysis of their time complexity. Our heuristics exploit the topological structure of attack graphs and employ sampling methods to overcome the computational complexity in predicting opponent actions. Due to the complexity of the game, we employ a simulation-based approach and perform empirical game analysis over an enumerated set of heuristic strategies. Finally, we conduct experiments in various game settings to evaluate the performance of our heuristics in defending networks, in a manner that is robust to uncertainty about the security environment.
44

Wei, Zhuangkun, Liang Wang, Schyler Chengyao Sun, Bin Li, and Weisi Guo. "Graph Layer Security: Encrypting Information via Common Networked Physics." Sensors 22, no. 10 (May 23, 2022): 3951. http://dx.doi.org/10.3390/s22103951.

Abstract:
The proliferation of low-cost Internet of Things (IoT) devices has led to a race between wireless security and channel attacks. Traditional cryptography requires high computational power and is not suitable for low-power IoT scenarios. Whilst recently developed physical layer security (PLS) can exploit common wireless channel state information (CSI), its sensitivity to channel estimation makes them vulnerable to attacks. In this work, we exploit an alternative common physics shared between IoT transceivers: the monitored channel-irrelevant physical networked dynamics (e.g., water/oil/gas/electrical signal-flows). Leveraging this, we propose, for the first time, graph layer security (GLS), by exploiting the dependency in physical dynamics among network nodes for information encryption and decryption. A graph Fourier transform (GFT) operator is used to characterise such dependency into a graph-bandlimited subspace, which allows the generation of channel-irrelevant cipher keys by maximising the secrecy rate. We evaluate our GLS against designed active and passive attackers, using IEEE 39-Bus system. Results demonstrate that GLS is not reliant on wireless CSI, and can combat attackers that have partial networked dynamic knowledge (realistic access to full dynamic and critical nodes remains challenging). We believe this novel GLS has widespread applicability in secure health monitoring and for digital twins in adversarial radio environments.
45

Poolsappasit, N., R. Dewri, and I. Ray. "Dynamic Security Risk Management Using Bayesian Attack Graphs." IEEE Transactions on Dependable and Secure Computing 9, no. 1 (January 2012): 61–74. http://dx.doi.org/10.1109/tdsc.2011.34.

46

Catal, Cagatay, Hakan Gunduz, and Alper Ozcan. "Malware Detection Based on Graph Attention Networks for Intelligent Transportation Systems." Electronics 10, no. 20 (October 18, 2021): 2534. http://dx.doi.org/10.3390/electronics10202534.

Abstract:
Intelligent Transportation Systems (ITS) aim to make transportation smarter, safer, reliable, and environmentally friendly without detrimentally affecting the service quality. ITS can face security issues due to their complex, dynamic, and non-linear properties. One of the most critical security problems is attacks that damage the infrastructure of the entire ITS. Attackers can inject malware code that triggers dangerous actions such as information theft and unwanted system moves. The main objective of this study is to improve the performance of malware detection models using Graph Attention Networks. To detect malware attacks addressing ITS, a Graph Attention Network (GAN)-based framework is proposed in this study. The inputs to this framework are the Application Programming Interface (API)-call graphs obtained from malware and benign Android apk files. During the graph creation, network metrics and the Node2Vec model are utilized to generate the node features. A GAN-based model is combined with different types of node features during the experiments and the performance is compared against Graph Convolutional Network (GCN). Experimental results demonstrated that the integration of the GAN and Node2Vec models provides the best performance in terms of F-measure and accuracy parameters and, also, the use of an attention mechanism in GAN improves the performance. Furthermore, node features generated with Node2Vec resulted in a 3% increase in classification accuracy compared to the features generated with network metrics.
47

Majeed, Abdul, Safiullah Khan, and Seong Oun Hwang. "A Comprehensive Analysis of Privacy-Preserving Solutions Developed for Online Social Networks." Electronics 11, no. 13 (June 21, 2022): 1931. http://dx.doi.org/10.3390/electronics11131931.

Abstract:
Owing to the massive growth in internet connectivity, smartphone technology, and digital tools, the use of various online social networks (OSNs) has significantly increased. On the one hand, the use of OSNs enables people to share their experiences and information. On the other hand, this ever-growing use of OSNs enables adversaries to launch various privacy attacks to compromise users’ accounts as well as to steal other sensitive information via statistical matching. In general, a privacy attack is carried out by the exercise of linking personal data available on the OSN site and social graphs (or statistics) published by the OSN service providers. The problem of securing user personal information for mitigating privacy attacks in OSNs environments is a challenging research problem. Recently, many privacy-preserving solutions have been proposed to secure users’ data available over OSNs from prying eyes. However, a systematic overview of the research dynamics of OSN privacy, and findings of the latest privacy-preserving approaches from a broader perspective, remain unexplored in the current literature. Furthermore, the significance of artificial intelligence (AI) techniques in the OSN privacy area has not been highlighted by previous research. To cover this gap, we present a comprehensive analysis of the state-of-the-art solutions that have been proposed to address privacy issues in OSNs. Specifically, we classify the existing privacy-preserving solutions into two main categories: privacy-preserving graph publishing (PPGP) and privacy preservation in application-specific scenarios of the OSNs. Then, we introduce a high-level taxonomy that encompasses common as well as AI-based privacy-preserving approaches that have proposed ways to combat the privacy issues in PPGP. In line with these works, we discuss many state-of-the-art privacy-preserving solutions that have been proposed for application-specific scenarios (e.g., information diffusion, community clustering, influence analysis, friend recommendation, etc.) of OSNs. In addition, we discuss the various latest de-anonymization methods (common and AI-based) that have been developed to infer either identity or sensitive information of OSN users from the published graph. Finally, some challenges of preserving the privacy of OSNs (i.e., social graph data) from malevolent adversaries are presented, and promising avenues for future research are suggested.
48

Kang, Qiyu, Kai Zhao, Yang Song, Yihang Xie, Yanan Zhao, Sijie Wang, Rui She, and Wee Peng Tay. "Coupling Graph Neural Networks with Fractional Order Continuous Dynamics: A Robustness Study." Proceedings of the AAAI Conference on Artificial Intelligence 38, no. 12 (March 24, 2024): 13049–58. http://dx.doi.org/10.1609/aaai.v38i12.29203.

Abstract:
In this work, we rigorously investigate the robustness of graph neural fractional-order differential equation (FDE) models. This framework extends beyond traditional graph neural (integer-order) ordinary differential equation (ODE) models by implementing the time-fractional Caputo derivative. Utilizing fractional calculus allows our model to consider long-term memory during the feature updating process, diverging from the memoryless Markovian updates seen in traditional graph neural ODE models. The superiority of graph neural FDE models over graph neural ODE models has been established in environments free from attacks or perturbations. While traditional graph neural ODE models have been verified to possess a degree of stability and resilience in the presence of adversarial attacks in existing literature, the robustness of graph neural FDE models, especially under adversarial conditions, remains largely unexplored. This paper undertakes a detailed assessment of the robustness of graph neural FDE models. We establish a theoretical foundation outlining the robustness characteristics of graph neural FDE models, highlighting that they maintain more stringent output perturbation bounds in the face of input and graph topology disturbances, compared to their integer-order counterparts. Our empirical evaluations further confirm the enhanced robustness of graph neural FDE models, highlighting their potential in adversarially robust applications.
49

Dharmalingam, Jeya Mala, and M. Eswaran. "An Agent Based Intelligent Dynamic Vulnerability Analysis Framework for Critical SQLIA Attacks." International Journal of Intelligent Information Technologies 14, no. 3 (July 2018): 56–82. http://dx.doi.org/10.4018/ijiit.2018070104.

Abstract:
This article describes how software vulnerability analysis and testing for web applications should detect not only the common attacks but also dynamic vulnerability attacks. These are the attacks such as structured query language injection attacks (SQLIAs) which will extract the most crucial user information from the targeted database. In this proposed approach, an intelligent agent namely intelligent vulnerability analyzer agent (IVA) is proposed in which the external attacks due to dynamic user inputs are identified using a heuristic-guided intelligent graph searching and then a pre and post condition based analysis is performed to identify the dynamic vulnerabilities. Further, the proposed approach is compared with some of the existing works based on the number of false positives and false negatives of attacks detection and confirmed that the proposed work is a novel and effective one in finding out SQLIAs.
50

Li, Yicai, and Lin Shi. "Building Security Mechanisms for Cross-Border Business Customer Data Analysis Based on Smart Computing." Mathematical Problems in Engineering 2022 (March 22, 2022): 1–10. http://dx.doi.org/10.1155/2022/9017267.

Abstract:
Dynamic social networks also suffer from privacy violation due to the continuous release of data. In order to defend against enemy attacks, a new dynamic privacy-preserving method is innovated, called Dynamic $k^w$ Re-Structured Diversity Anonymity ($k^w$-SDA). This method limits the probability of disclosure of node/community identities to $1/k$ when data are continuously published by protecting individuals in groups. The graph based on the previous $w-1$ is released, missing some graph alterations. The advantage of the proposed method is to save many features of the network while protecting privacy efficiently and effectively.
