Search Results (564)

With the development of the data-sharing system in recent years, financial management systems and their privacy have sparked great interest. Existing financial data-sharing systems store metadata, which include a hash value and database index on the blockchain, and store high-capacity actual data in the center database. However, current data-sharing systems largely depend on centralized systems, which are susceptible to distributed denial-of-service (DDoS) attacks and present a centralized attack vector. Furthermore, storing data in a local center database has a high risk of information disclosure and tampering. In this paper, we propose the ChainMaker Privacy Computing (CPC) system, a new decentralized data-sharing system for secure financial data, to solve this problem. It provides a series of financial data information and a data structure rather than actual data on the blockchain to protect the privacy of data. We utilize a smart contract to establish a trusted platform for the local database to obtain encrypted data. We design a resource catalog to provide a trusted environment of data usage in the privacy computing system that is visible for members on the blockchain. Based on cipher-policy attribute-based encryption (CP-ABE), We design a CPC-CP-ABE algorithm to enable fine-grained access control through attribute based encryption. Finally, We propose an efficient scheme that allows authenticated data-sharing systems to perform Boolean searches on encrypted data information. The results of experiment show that the CPC system can finish trusted data sharing to all organizations on the blockchain. Full article

IoT devices with limited resources, and in the absence of gateways, become vulnerable to various attacks, such as denial of service (DoS) and man-in-the-middle (MITM) attacks. Intrusion detection systems (IDS) are designed to detect and respond to these threats in IoT environments. While machine learning-based IDS have typically been deployed at the edge (gateways) or in the cloud, in the absence of gateways, the IDS must be embedded within the sensor nodes themselves. Available datasets mainly contain features extracted from network traffic at the edge (e.g., Raspberry Pi/computer) or cloud servers. We developed a unique dataset, named as Intrusion Detection in the Smart Homes (IDSH) dataset, which is based on features retrievable from microcontroller-based IoT devices. In this work, a Tree-based IDS is embedded into a smart thermostat for real-time intrusion detection. The results demonstrated that the IDS achieved an accuracy of 98.71% for binary classification with an inference time of 276 microseconds, and an accuracy of 97.51% for multi-classification with an inference time of 273 microseconds. Real-time testing showed that the smart thermostat is capable of detecting DoS and MITM attacks without relying on a gateway or cloud. Full article

Vehicular Ad Hoc Networks (VANETs) are wireless networks that improve traffic efficiency, safety, and comfort for smart vehicle users. However, with the rise of smart and electric vehicles, traditional VANETs struggle with issues like scalability, management, energy efficiency, and dynamic pricing. Software Defined Networking (SDN) can help address these challenges by centralizing network control. The integration of SDN with VANETs, forming Software Defined-based VANETs (SD-VANETs), shows promise for intelligent transportation, particularly with autonomous vehicles. Nevertheless, SD-VANETs are susceptible to cyberattacks, especially Distributed Denial of Service (DDoS) attacks, making cybersecurity a crucial consideration for their future development. This study proposes a security system that incorporates a hybrid artificial intelligence model to detect DDoS attacks targeting the SDN controller in SD-VANET architecture. The proposed system is designed to operate as a module within the SDN controller, enabling the detection of DDoS attacks. The proposed attack detection methodology involves the collection of network traffic data, data processing, and the classification of these data. This methodology is based on a hybrid artificial intelligence model that combines a one-dimensional Convolutional Neural Network (1D-CNN) and Decision Tree models. According to experimental results, the proposed attack detection system identified that approximately 90% of the traffic in the SD-VANET network under DDoS attack consisted of malicious DDoS traffic flows. These results demonstrate that the proposed security system provides a promising solution for detecting DDoS attacks targeting the SD-VANET architecture. Full article

Modern ICT infrastructures, i.e., cyber-physical systems and critical infrastructures relying on interconnected IT (Information Technology)- and OT (Operational Technology)-based components and (sub-)systems, raise complex challenges in tackling security and safety issues. Nowadays, many security controls and mechanisms have been made available and exploitable to solve specific security needs, but, when dealing with very complex and multifaceted heterogeneous systems, a methodology is needed on top of the selection of each security control that will allow the designer/maintainer to drive her/his choices to build and keep the system secure as a whole, leaving the choice of the security controls to the last step of the system design/development. This paper aims at providing a comprehensive methodological approach to design and preliminarily implement an Open Platform Architecture (OPA) to secure the cyber-physical systems of critical infrastructures. Here, the Open Platform Architecture (OPA) depicts how an already existing or under-design target system (TS) can be equipped with technologies that are modern or currently under development, to monitor and timely detect possibly dangerous situations and to react in an automatic way by putting in place suitable countermeasures. A multifaceted use case (UC) that is able to show the OPA, starting from the security and safety requirements to the fully designed system, will be developed step by step to show the feasibility and the effectiveness of the proposed methodology. Full article

The growing use of the Internet of Things (IoT) across a vast number of sectors in our daily life noticeably exposes IoT internet-connected devices, which generate, share, and store sensitive data, to a wide range of cyber threats. Software Defined Networks (SDNs) can play a significant role in enhancing the security of IoT networks against any potential attacks. The goal of the SDN approach to network administration is to enhance network performance and monitoring. This is achieved by allowing more dynamic and programmatically efficient network configuration; hence, simplifying networks through centralized management and control. There are many difficulties for manufacturers to manage the risks associated with evolving technology as the technology itself introduces a variety of vulnerabilities and dangers. Therefore, Intrusion Detection Systems (IDSs) are an essential component for keeping tabs on suspicious behaviors. While IDSs can be implemented with more simplicity due to the centralized view of an SDN, the effectiveness of modern detection methods, which are mainly based on machine learning (ML) or deep learning (DL), is dependent on the quality of the data used in their modeling. Anomaly-based detection systems employed in SDNs have a hard time getting started due to the lack of publicly available data, especially on the data layer. The large majority of existing literature relies on data from conventional networks. This study aims to generate multiple types of Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks over the data plane (Southbound) portion of an SDN implementation. The cutting-edge virtualization technology is used to simulate a real-world environment of Docker Orchestration as a distributed system. The collected dataset contains examples of both benign and suspicious forms of attacks on the data plane of an SDN infrastructure. We also conduct an experimental evaluation of our collected dataset with well-known machine learning-based techniques and statistical measures to prove their usefulness. Both resources we build in this work (the dataset we create and the baseline models we train on it) can be useful for researchers and practitioners working on improving the security of IoT networks by using SDN technologies. Full article

Virtualisation has received widespread adoption and deployment across a wide range of enterprises and industries throughout the years. Network Function Virtualisation (NFV) is a technical concept that presents a method for dynamically delivering virtualised network functions as virtualised or software components. Virtualised Network Function (VNF) has distinct advantages, but it also faces serious security challenges. Cyberattacks such as Denial of Service (DoS), malware/rootkit injection, port scanning, and so on can target VNF appliances just like any other network infrastructure. To create exceptional training exercises for machine or deep learning (ML/DL) models to combat cyberattacks in VNF, a suitable dataset (VNFCYBERDATA) exhibiting an actual reflection, or one that is reasonably close to an actual reflection, of the problem that the ML/DL model could address is required. This article describes a real VNF dataset that contains over seven million data points and twenty-five cyberattacks generated from five VNF appliances. To facilitate a realistic examination of VNF traffic, the dataset includes both benign and malicious traffic. Full article

The rise of Distributed Denial of Service (DDoS) attacks on the internet has necessitated the development of robust and efficient detection mechanisms. DDoS attacks continue to present a significant threat, making it imperative to find efficient ways to detect and prevent these attacks promptly. Traditional machine learning approaches raise privacy concerns when handling sensitive data. In response, federated learning has emerged as a promising paradigm, allowing model training across decentralized devices without centralizing data. However, challenges such as the non-IID (Non-Independent and Identically Distributed) problem persist due to data distribution imbalances among devices. In this research, we propose personalized federated learning (PFL) as a solution for detecting DDoS attacks. PFL preserves data privacy by keeping sensitive information localized on individual devices during model training, thus addressing privacy concerns that are inherent in traditional approaches. In this paper, we propose federated learning with DBSCAN clustering (FedDB). By combining personalized training with model aggregation, our approach effectively mitigates the common challenge of non-IID data in federated learning setups. The integration of DBSCAN clustering further enhances our method by effectively handling data distribution imbalances and improving the overall detection accuracy. Results indicate that our proposed model improves performance, achieving relatively consistent accuracy across all clients, demonstrating that our method effectively overcomes the non-IID problem. Evaluation of our approach utilizes the CICDDOS2019 dataset. Through comprehensive experimentation, we demonstrate the efficacy of personalized federated learning in enhancing detection accuracy while safeguarding data privacy and mitigating non-IID concerns. Full article

The maritime industry is constantly evolving and posing new challenges, especially with increasing digitalization, which has raised concerns about cyber-attacks on maritime supply chain agents. Although scholars have proposed various methods and classification models to counter these cyber threats, a comprehensive cyber-attack taxonomy for maritime supply chain actors based on a systematic literature review is still lacking. This review aims to provide a clear picture of common cyber-attacks and develop a taxonomy for their categorization. In addition, it outlines best practices derived from academic research in maritime cybersecurity using PRISMA principles for a systematic literature review, which identified 110 relevant journal papers. This study highlights that distributed denial of service (DDoS) attacks and malware are top concerns for all maritime supply chain stakeholders. In particular, shipping companies are urged to prioritize defenses against hijacking, spoofing, and jamming. The report identifies 18 practices to combat cyber-attacks, categorized into information security management solutions, information security policies, and cybersecurity awareness and training. Finally, this paper explores how emerging technologies can address cyber-attacks in the maritime supply chain network (MSCN). While Industry 4.0 technologies are highlighted as significant trends in the literature, this study aims to equip MSCN stakeholders with the knowledge to effectively leverage a broader range of emerging technologies. In doing so, it provides forward-looking solutions to prevent and mitigate cyber-attacks, emphasizing that Industry 4.0 is part of a larger landscape of technological innovation. Full article

The exponential growth and widespread adoption of Internet of Things (IoT) devices have introduced many vulnerabilities. Attackers frequently exploit these flaws, necessitating advanced technological approaches to protect against emerging cyber threats. This paper introduces a novel approach utilizing hardware honeypots as an additional defensive layer against hardware vulnerabilities, particularly hardware Trojans (HTs). HTs pose significant risks to the security of modern integrated circuits (ICs), potentially causing operational failures, denial of service, or data leakage through intentional modifications. The proposed system was implemented on a Raspberry Pi and tested on an emulated HT circuit using a Field-Programmable Gate Array (FPGA). This approach leverages hardware honeypots to detect and mitigate HTs in the IoT devices. The results demonstrate that the system effectively detects and mitigates HTs without imposing additional complexity on the IoT devices. The Trojan-agnostic solution offers full customization to meet specific security needs, providing a flexible and robust layer of security. These findings provide valuable insights into enhancing the security of IoT devices against hardware-based cyber threats, thereby contributing to the overall resilience of IoT networks. This innovative approach offers a promising solution to address the growing security challenges in IoT environments. Full article

Due to its vulnerability to a variety of cyber attacks, research on cyber security for power systems has become especially crucial. In order to maintain the safe and stable operation of power systems, it is worthwhile to gain insight into the complex characteristics and behaviors of cyber attacks from the attacker’s perspective. The consensus-based distributed state estimation problem is investigated for power systems subject to collaborative attacks. In order to describe such attack behaviors, the denial of service (DoS) attack model for hybrid remote terminal unit (RTU) and phasor measurement unit (PMU) measurements, and the false data injection (FDI) attack model for neighboring estimation information, are constructed. By integrating these two types of attack models, a different consensus-based distributed estimator is designed to accurately estimate the state of the power system under collaborative attacks. Then, through Lyapunov stability analysis theory, a sufficient condition is provided to ensure that the proposed distributed estimator is stable, and a suitable consensus gain matrix is devised. Finally, to confirm the viability and efficacy of the suggested algorithm, a simulation experiment on an IEEE benchmark 14-bus power system is carried out. Full article

This article studies a data-driven prescribed performance platooning control method for nonlinear connected automated vehicle systems (CAVs) under aperiodic denial-of-service (DoS) attacks. Firstly, the dynamic linearization technique is employed to transform the nonlinear CAV system into an equivalent linearized data model. Secondly, to improve the system’s transient performance, a prescribed performance transformation (PPT) scheme is proposed to transform the constrained output into the unconstrained one. In addition, an attack compensation mechanism is designed to reduce the adverse impact. Combining the PPT scheme and the attack compensation mechanism, the data-driven adaptive platooning control scheme is proposed to achieve the vehicular tracking control task. Lastly, the merits of the developed control method are illustrated by an actual simulation. Full article

The way we connect with the physical world has completely changed because of the advancement of the Internet of Things (IoT). However, there are several difficulties associated with this change. A significant advancement has been the emergence of intelligent machines that are able to gather data for analysis and decision-making. In terms of IoT security, we are seeing a sharp increase in hacker activities worldwide. Botnets are more common now in many countries, and such attacks are very difficult to counter. In this context, Distributed Denial of Service (DDoS) attacks pose a significant threat to the availability and integrity of online services. In this paper, we developed a predictive model called Markov Detection and Prediction (MDP) using a Continuous-Time Markov Chain (CTMC) to identify and preemptively mitigate DDoS attacks. The MDP model helps in studying, analyzing, and predicting DDoS attacks in Long-Term Evolution for Machine (LTE-M) networks and IoT environments. The results show that using our MDP model, the system is able to differentiate between Authentic, Suspicious, and Malicious traffic. Additionally, we are able to predict the system behavior when facing different DDoS attacks. Full article

The security of Wireless Sensor Networks (WSNs) is of the utmost importance because of their widespread use in various applications. Protecting WSNs from harmful activity is a vital function of intrusion detection systems (IDSs). An innovative approach to WSN intrusion detection (ID) utilizing the CatBoost classifier (Cb-C) and the Lyrebird Optimization Algorithm is presented in this work (LOA). As is typical in ID settings, Cb-C excels at handling datasets that are imbalanced. The lyrebird’s remarkable capacity to imitate the sounds of its surroundings served as inspiration for the LOA, a metaheuristic optimization algorithm. The WSN-DS dataset, acquired from Prince Sultan University in Saudi Arabia, is used to assess the suggested method. Among the models presented, LOA-Cb-C produces the highest accuracy of 99.66%; nevertheless, when compared with the other methods discussed in this article, its error value of 0.34% is the lowest. Experimental results reveal that the suggested strategy improves WSN-IoT security over the existing methods in terms of detection accuracy and the false alarm rate. Full article

When migrating smart contracts from one blockchain platform to another, there are potential security risks. This is because different blockchain platforms have different environments and characteristics for executing smart contracts. The focus of this paper is to study the security risks associated with the migration of smart contracts from Ethereum to Arbitrum. We collected relevant data and analyzed smart contract migration cases to explore the differences between Ethereum and Arbitrum in areas such as Arbitrum cross-chain messaging, block properties, contract address alias, and gas fees. From the 36 types of smart contract migration cases we identified, we selected four typical types of cases and summarized their security risks. The research shows that smart contracts deployed on Ethereum may face certain potential security risks during migration to Arbitrum, mainly due to issues inherent in public blockchain characteristics, such as outdated off-chain data obtained by the inactive sequencer, logic errors based on time, failed permission checks, and denial of service (DOS) attacks. To mitigate these security risks, we proposed avoidance methods and provided considerations for users and developers to ensure a secure migration process. It is worth noting that this study is the first to conduct an in-depth analysis of the secure migration of smart contracts from Ethereum to Arbitrum. Full article

Pregnancy termination, also referred to as abortion, is a contentious subject in many countries. Uganda’s culture requires young people to remain celibate; they therefore suffer from restricted access to any sexual and reproductive health information, products, and services, including contraceptives. Girls who are pregnant in Uganda are oppressed in various ways, including being expelled from school. Since abortion is illegal under Ugandan law, those abortions that take place are assumed to have a high risk of being unsafe. Most previous studies in the African context have thus focused on the phenomenon of unsafe abortion. Adolescent abortion is characterized by a rhetoric of pathology that frames girls as victims of deadly unsafe abortion practices. This paper aims to critique the view that pregnant adolescent girls are merely vulnerable victims who passively accept the denial of SRH services, including abortion. We analyzed the life histories of 14 girls in Uganda who had undergone pregnancy termination. Our findings showed that adolescent girls are not passive victims of the structural barriers to abortion. They use their agency to obtain knowledge, make decisions, successfully terminate pregnancy, and conceal the information as needed. It is therefore important for policymakers to acknowledge the agency of adolescent girls in regard to pregnancy termination and how this recognition could be of benefit in terms of devising appropriate supports for them. Full article