The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
With the advancement of technology, the uses of Multi-UAV networks have been rising, especially in life-threatening tasks of disaster management and military operations. Multi-UAV networks face various security issues because of being a member of an Adhoc network family. There is a dire need to design a threat model that can identify threats, quantify risks involved and address them. In this paper,...
The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability...
In this paper, we present a novel model and visualization approach for heterogeneous sources of data. We represent our data by using a model inspired by STIX. Then, we use clustering algorithms to select interesting information to explore in a visualization panel. The visualization is based on a 3D graph representation that highlights the link between malicious event and allows to focus on relevant...
As the number and variety of cyber threats increase, it becomes more critical to share intelligence information in a fast and efficient manner. However, current cyber threat intelligence data do not contain sufficient information about how to specify countermeasures or how institutions should apply countermeasures automatically on their networks. A flexible and agile network architecture is required...
In the recent years, we have observed the development of several connected and mobile devices intended for daily use. This development has come with many risks that might not be perceived by the users. These threats are compromising when an unauthorized entity has access to private big data generated through the user objects in the Internet of Things. In the literature, many solutions have been proposed...
It is expected that there are a variety of energy resources to be jointly operated by the power system in the future. Through jointly operating all types of energy resources via the Internet, Energy Internet is a promising solution to increase energy efficiency. However, the increasing integration of energy resources inevitably imposes challenges in secure communication in the Energy Internet. Resourceful...
Machine learning has become one of the go-to methods for solving problems in the field of networking. This development is driven by data availability in large-scale networks and the commodification of machine learning frameworks. While this makes it easier for researchers to implement and deploy machine learning solutions on networks quickly, there are a number of vital factors to account for when...
The increasing collection and use of sensitive datasets in science, coupled with the need for inter-institutional collaboration, poses new challenges for infrastructure and administrative models. While enclaves, such as CLOUD KOTTA, provide for the secure management and analysis of data, they do not yet support the administrative models needed by today's researcher practices. Current approaches often...
Defending against cache pollution attacks, highly detrimental attacks that are easy to implement in Named-Data Networking (NDN), currently suffers from the lack of coordination. Solving cache pollution attacks is a prerequisite for the deployment of NDN, which is widely considered to be the basis for the future Internet. We present CoMon++ to this end, a framework for lightweight coordination that...
Ever-increasing big data forces enterprises to migrate data to cloud storage systems. Data retrieval time from the cloud will directly affect the overall application performance. Meanwhile, sensitive data stored on cloud necessitates a robust security arrangement against cyberattacks. Therefore, it is imperative that both data retrieval time and data security should be taken into account simultaneously...
This paper proposes an enhanced Interface to Network Security Functions (I2NSF) framework. To improve the whole packet throughput and manage resource of Network Security Functions (NSFs), the enhanced I2NSF framework monitors NSFs and distributes incoming packets to NSFs efficiently. Even if the legacy framework that provides security services using Software-Defined Networking (SDN) and Network Functions...
The iKaaS platform has been developed as a Horizon 2020 project to construct a multi-cloud environment in order to share data and knowledge. In this paper, we add a framework for knowledge sharing/reuse in the iKaaS platform. Furthermore, we design a revenue-sharing mechanism for knowledge sharing, which uses a blockchain for registration and use of data processing services.
Automatic Generation Control (AGC) is a key control system in the power grid. It is used to calculate the Area Control Error (ACE) based on frequency and tie-line power flow between balancing areas, and then adjust power generation to maintain the power system frequency in an acceptable range. However, attackers might inject malicious frequency or tie-line power flow measurements to mislead AGC to...
We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph opposed to the more traditional node-based view. This provides a more expressive...
Designing usable and secure software is hard without tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range of security and usability engineering activities, its architecture needs to evolve to meet the workflows of these stakeholders. To this end, this paper...
Existing work on identifying security requirements relies on training binary classification models using domain-specific data sets to achieve a high accuracy. Considering that domain-specific data sets are often not readily available, we propose a domain-independent model for classifying security requirements based on two key ideas. First, we train our model on the description of weaknesses from the...
Applications in computer network security, social media analysis, and other areas rely on analyzing a changing environment. The data is rich in relationships and lends itself to graph analysis. Traditional static graph analysis cannot keep pace with network security applications analyzing nearly one million events per second and social networks like Facebook collecting 500 thousand comments per second...
The specification of the Transport Layer Security (TLS) protocol defines its own presentation language used for the purpose of semi-formally describing the structure and on-the-wire format of TLS protocol messages. This TLS Presentation Language (TPL) is more expressive and concise than natural language or tabular descriptions, but as a result of its limited objective has a number of deficiencies...
Security Risk Assessments (SRA) play a key role in the Security Development Lifecycle (SDL). At an early stage of the project, the SRA helps allocate security resources and identifies SDL requirements and activities. In this paper, we present key findings from a machine learning approach toward the SRA that seeks to learn from a database of previous product security risk assessments and associated...
Emerging computing relies heavily on secure backend storage for the massive size of big data originating from the Internet of Things (IoT) smart devices to the Cloud-hosted web applications. Structured Query Language (SQL) Injection Attack (SQLIA) remains an intruder's exploit of choice to pilfer confidential data from the back-end database with damaging ramifications. The existing approaches were...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.