Risk assessors and managers face many difficult challenges related to the new network system. These challenges include the continuous changes in the nature of network systems caused by technological progress, their distribution in the fields of physics, information and social cognition, and the complex network structure that usually includes thousands of nodes. Here, we review the probability and risk-based decision technology applied to network systems, and conclude that the existing methods can not solve all the components of the risk assessment triad (threat, vulnerability, consequence), and lack the ability to integrate across multiple areas of network systems, thus providing guidance for enhancing network security. We propose a cloud native security chain architecture and network topology reconstruction technology link based on the full link of microservices. The network security performance is quantified by multi-layer filtering mechanism and setting different fitness index functions. The method proposed in this paper solves the problems of packet loss, load balancing and distributed delay of network security mechanism in the global network to a certain extent.

Package registries host reusable code assets, allowing developers to share and reuse packages easily, thus accelerating the software development process. Current software registry ecosystems involve multiple independent stakeholders for package management. Unfortunately, abnormal behavior and information inconsistency inevitably exist, enabling adversaries to conduct malicious activities with minimal effort covertly. In this paper, we investigate potential security vulnerabilities in six popular software registry ecosystems. Through a systematic analysis of the official registries, corresponding registry mirrors and registry clients, we identify twelve potential attack vectors, with six of them disclosed for the first time, that can be exploited to distribute malicious code stealthily. Based on these security issues, we build an analysis framework, RScouter, to continuously monitor and uncover vulnerabilities in registry ecosystems. We then utilize RScouter to conduct a measurement study spanning one year over six registries and seventeen popular mirrors, scrutinizing over 4 million packages across 53 million package versions. Our quantitative analysis demonstrates that multiple threats exist in every ecosystem, and some have been exploited by attackers. We have duly reported the identified vulnerabilities to related stakeholders and received positive responses.

Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), due to the strong guarantees they provide. On the downside, these guarantees result in a high penalty on the system’s performance. In this paper, we study Bayes security, a security metric inspired by the cryptographic advantage. Similarly to DP, Bayes security i) is independent of an adversary’s prior knowledge, ii) it captures the worst-case scenario for the two most vulnerable secrets (e.g., data records); and iii) it is easy to compose, facilitating security analyses. Additionally, Bayes security iv) can be consistently estimated in a black-box manner, contrary to DP, which is useful when a formal analysis is not feasible; and v) provides a better utility-security trade-off in high-security regimes because it quantifies the risk for a specific threat model as opposed to threat-agnostic metrics such as DP.

This research aimed to examine the relationship between digital citizenship and information security achievements levels. For this purpose, the research was designed in the relational survey model within the scope of quantitative research. The sample of the research consists of teacher candidates studying at the Faculty of Education of Fırat University in the 2022-2023 academic year. To collect the research data, the Digital Citizenship Questionnaire and the Information Security Achievements Scale were used. At the end of the study, it was revealed that the digital citizenship levels of the teacher candidates were high, and the information security attainment levels related to threats and taking precautions were moderate. According to the gender variable, the digital citizenship levels of teacher candidates were found to be significantly higher in favor of females. Information security achievement levels differ significantly in favor of males according to the gender variable. It has been observed that as the information security achievements of the teacher candidates increase, the correct usage, health and social responsibility levels of digital citizenship tend to increase as well.

In the digital era, web applications have become a prevalent tool for businesses. As the number of web applications continues to grow, they become enticing targets for malicious actors seeking to exploit potential security vulnerabilities. Organizations face constant risks associated with vulnerabilities in their web-based software systems, which can result in data breaches, service disruptions, and a loss of trust. Consequently, organizations require an effective and efficient approach to assess and analyze the security of acquired web-based software, ensuring sufficient confidence in its utilization. This research aims to enhance the quantitative evaluation and analysis of web application security through a model-based approach. We focus on integrating the Open Web Application Security Project s (OWASP) Application Security Verification Standard (ASVS) into a structured and analyzable metamodel. This model aims to effectively assess the security levels of web applications while offering valuable insights into their strengths and weaknesses. By combining the ASVS with a comprehensive framework, we aim to provide a robust methodology for evaluating and analyzing web application security.

Security still remains an afterthought in modern Electronic Design Automation (EDA) tools, which solely focus on enhancing performance and reducing the chip size. Typically, the security analysis is conducted by hand, leading to vulnerabilities in the design remaining unnoticed. Security-aware EDA tools assist the designer in the identification and removal of security threats while keeping performance and area in mind. Stateof-the-art approaches utilize information flow analysis to spot unintended information leakages in design structures. However, the classification of such threats is binary, resulting in negligible leakages being listed as well. A novel quantitative analysis allows the application of a metric to determine a numeric value for a leakage. Nonetheless, current approximations to quantify the leakage are still prone to overlooking leakages. The mathematical model 2D-QModel introduced in this work aims to overcome this shortcoming. Additionally, as previous work only includes a limited threat model, multiple threat models can be applied using the provided approach. Open-source benchmarks are used to show the capabilities of 2D-QModel to identify hardware Trojans in the design while ignoring insignificant leakages.

Technology integration has enabled value-added services and quality-of-life enhancement in almost all aspects of modern life. In this paper, we present a UAV and low-cost Bluetooth low energy (BLE) tags-based location search system which enables a cart take-home service for shoppers of a supermarket in a model smart colony. The presented system has quality-of-life enhancement as well as carbon footprint reduction effects and can be integrated with the existing security and/or transport system of the model smart colony. Conducted field trials on location accuracy of the system are also presented, showing that carts left by residents outside the home can be located within 6.58m and carts taken inside homes or buildings can be located within 16.43m.

IoT-Based Smart Bag and Women Security System is an novel solution to address the raising problem of women s safety and offers protection to their personal belongings while providing real-time status updates. In recent days, women often face insecure situations in society. To overcome this, a safety-oriented method has been proposed. When the person is attacked by any of the strangers of thieves, the person can use the push button by which an alert notification is delivered to the registered smart phone number with the person’s location. Additionally, the bag is provided with a shock generator that can be used by women to defend themselves against attacks from strangers or theft people, which generates an electric shock of 550V. The bag is also assisted with a finger print detector is used for securing the zipper to avoid theft. An internal lighting system have been used which detects the intensity of light and automatically switches ON when the intensity is low for ease of locating items and a wireless charger for consumer’s convenience. This system utilizes components such as ESP32, a fingerprint sensor, and a GPS system helps tracing the exact location of the bag. The collected data can visualize through the Adafruit dashboard, that offers users a clear view of the bag s location, and ON and OFF status of LED and fingerprint sensor.

Logistic transportation is the backbone of the supply chain. An uninterrupted transportation of any goods keeps the supply chain well balanced and thus helps the business as well as the economy. But in this current world, the transportation of goods is being harmed in many ways. One of those is theft, where the driver is also involved or not, but the thief steals the goods with or without breaking the seal. Both the supplying company and the client are affected by this. To reduce the problem, we are proposing a two-step security system. So that even if one system is deactivated somehow, the other system can be alerted, and necessary steps can be taken accordingly. By doing so, we can maintain a constant connection with the vehicle. Through this proposed project, the outer door seal of the cargo vehicle can be locked or unlocked, and the server can observe in real time whether any items inside are being stolen without opening the door. The security of logistics supply vehicles through the proposed paper will be more robust and beneficial to both the transport service provider and the service taker.

In today s world, security is a very important issue. People should always keep their belongings safe . To increase security, this research work proposes a IoT-based smart lockers with sensors and access keys with security, verification, and user-friendly tools. This model alerts the user when someone else tries to access their locker and quickly sends an alarm to the authorized user, and provides the option to either grant or reject access to the valid user. In this paper, smart locker is kept registered early to use a locker in the bank, office, home, etc. to ensure safety. The user demands to send an unlock direction with the help of microcontroller NUDE MCU ES P8266 and after accepting the command from the cloud (BLYNK APP), only the user can unlock the closet and access the valuables. This study has also introduced the encroachment detection in lockers with sensors and finally installed smart lockers with fire alarms for security and reliability.

Advances in sensor and communication technologies have transformed traditional homes into smart homes, equipped with sensors and actuators for various functionalities like smart lighting, temperature control, irrigation, solar monitoring, entertainment, and security. This transition is powered by the Internet of Things (IoT) architecture, enabling smart home hubs to integrate and control devices with different communication protocols. However, this shift has also introduced new security and privacy issues in the Smart Home IoT (SH-IoT) environment. To address these challenges, new communication protocols with cryptographic features have been developed, and a unified standard called Matter has been created to promote interoperability among different device manufacturers. This paper presents a comprehensive survey of recent trends and advances in the smart home IoT landscape, focusing on communication protocols, their security issues and protection features against vulnerabilities in the SH-IoT environment.

In the last decade the rapid development of the communications and IoT systems have risen many challenges regarding the security of the devices that are handled wirelessly. Therefore, in this paper, we intend to test the possibility of spoofing the parameters for connection of the Bluetooth Low Energy (BLE) devices, to make several recommendations for increasing the security of the usage of those devices and to propose basic counter measurements regarding the possibility of hacking them.

With the advancement in Internet of things smart homes are rapidly developing. Smart home is the major key component of Internet of thing. With the help of IOT technology we can stay connected to our home appliance. Internet of Things is the Associations of inserted advancements that. Contained physical protests and is utilized to convey and keenness or collaborate with the internal states or the outer surroundings. Rather than individuals to individuals’ correspondence, IoT accentuation on machine-to-machine correspondence. Smart home connects the physical components of our home with the help of software and sensors so that we can access them via internet from one place. Building home automation includes computerizing a home, likewise, mentioned to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are completely utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one an-another they are lot of chances for security breach and data theft. If the security layer is easily breakable any third-party attacker can easily theft the private data of the user. Which leads us to pay more attention to protecting and securing private data. With the day-to-day development of Smart Home, the safety also got to be developed and updated day to day the safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the status of IoT development, and furthermore contains security issues challenges. Finally, this paper surveys the Gamble factor, security issues and challenges in every point of view.

Multiple smart operations, similar as smart technologies in homes, smart metropolises, smart husbandry, and smart health and fitness centres, use a new technology known as the Internet of effects. They correspond of an multifariousness of multiple networked bias that link to multiple detectors and the internet. Among the layers that comprise an IoT armature are the perception subcaste, network subcaste, and operation subcaste. Due to their wide use, these smart biases have fairly minimum protection and are vulnerable to attacks. Comprehensive explanations of operation subcaste security issues and protocols, similar as Advance Message Queuing Protocol(AMQP) in application layer protocol, Constrained operation protocol( CoAP), and REST( Emblematic State Transport).

The Internet of Things (IoT) connects the physical world to the digital world, and wireless sensor networks (WSNs) play a significant role. There are billions of IoT products in the market. We found that security was not the primary focus of software developers. The first step of designing a secure product is to analyze and note down the security requirements. This research paper proposes a modified approach, incorporating elements from the SREP (Software Requirements Engineering Process) and SQUARE (Security Quality Requirement Engineering), to define security requirements for IoT products. The revised process is applied to determine the security requirements of a Smart Lock system that utilizes the publish/subscribe protocol MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) communication protocol architecture.

There will be a billion smart devices with processing, sensing, and actuation capabilities that can be connected to the Internet under the IoT paradigm. The level of convenience, effectiveness, and automation for consumers is expected to rise owing to promising IoT applications. Privacy is a significant concern in IoT systems, and it is essential to provide users with full awareness and control over the data collected by these systems. The use of privacy-enhancing technologies can help to minimise the risks associated with data collection and processing and ensure that user privacy is protected. Lack of standards for devices with limited resources and heterogeneous technologies intensifies the security issue. There are various emerging and existing technologies that can help to address the security risks in the IoT sector and achieve a high degree of trust in IoT applications. By implementing these technologies and countermeasures, it is possible to improve the security and reliability of IoT systems, ensuring that they can be used safely and effectively in a wide range of applications. This article’s intent is to provide a comprehensive investigation of the threats and risks in the IoT industry and to examine some potential countermeasures.

Intelligent environments rely heavily on the Internet of Things, which can be targeted by malicious attacks. Therefore, the autonomous capabilities of agents in intelligent health-care environments, and the agents’ characteristics (accuracy, reliability, efficiency and responsiveness), should be exploited to devise an autonomous intelligent agent that can safeguard the entire environment from malicious attacks. Hence, this paper contributes to achieving this aim by selecting the eight most valuable features out of 50 features from the adopted dataset using the Chi-squared test. Then, three wellknown machine learning classifiers (i.e. naive Bayes, random forest and logistic regression) are compared in classifying malicious attacks from non-attacks in an intelligent health-care environment. The highest achieved classification accuracy was for the random forest classifier (99.92\%).

In an environment where terrorist group actions are heavily predominate, the study introduces novel modeling tools that really are adept at controlling, coordinating, manipulating, detecting, and tracing drones. Modern humans now need to simulate their surroundings in order to boost their comfort and productivity at work. The ability to imitate a person s everyday work has undergone tremendous advancement. A simulation is a representation of how a system or process would work in the actual world.

As vehicles increasingly embed digital systems, new security vulnerabilities are also being introduced. Computational constraints make it challenging to add security oversight layers on top of core vehicle systems, especially when the security layers rely on additional deep learning models for anomaly detection. To improve security-aware decision-making for autonomous vehicles (AV), this paper proposes a bi-level security framework. The first security level consists of a one-shot resource allocation game that enables a single vehicle to fend off an attacker by optimizing the configuration of its intrusion prevention system based on risk estimation. The second level relies on a reinforcement learning (RL) environment where an agent is responsible for forming and managing a platoon of vehicles on the fly while also dealing with a potential attacker. We solve the first problem using a minimax algorithm to identify optimal strategies for each player. Then, we train RL agents and analyze their performance in forming security-aware platoons. The trained agents demonstrate superior performance compared to our baseline strategies that do not consider security risk.

In coalition military operations, secure and effective information sharing is vital to the success of the mission. Protected Core Networking (PCN) provides a way for allied nations to securely interconnect their networks to facilitate the sharing of data. PCN, and military networks in general, face unique security challenges. Heterogeneous links and devices are deployed in hostile environments, while motivated adversaries launch cyberattacks at ever-increasing pace, volume, and sophistication. Humans cannot defend these systems and networks, not only because the volume of cyber events is too great, but also because there are not enough cyber defenders situated at the tactical edge. Thus, autonomous, machine-speed cyber defense capabilities are needed to protect mission-critical information systems from cyberattacks and system failures. This paper discusses the motivation for adding autonomous cyber defense capabilities to PCN and outlines a path toward implementing these capabilities. We propose to leverage existing reference architectures, frameworks, and enabling technologies, in order to adapt autonomous cyber defense concepts to the PCN context. We highlight expected challenges of implementing autonomous cyber defense agents for PCN, including: defining the state space and action space that will be necessary for monitoring and for generating recovery plans; implementing a suite of models, sensors, actuators, and agents specific to the PCN context; and designing metrics and experiments to measure the efficacy of such a system.

This paper discusses the design and implementation of Autonomous Cyber Defense (ACD) agents for Protected Core Networking (PCN). Our solution includes two types of specialized, complementary agents placed in different parts of the network. One type of agent, ACD-Core, is deployed within the protected core segment of a particular nation and can monitor and act in the physical and IP layers. The other, ACDCC, is deployed within a colored cloud and can monitor and act in the transport and application layers. We analyze the threat landscape and identify possible uses and misuses of these agents. Our work is part of an ongoing collaboration between two NATO research task groups, IST-162 and IST-196. The goal of this collaboration is to detail the design and roadmap for implementing ACD agents for PCN and to create a virtual lab for related experimentation and validation. Our vision is that ACD will contribute to improving the cybersecurity of military networks, protecting them against evolving cyber threats, and ensuring connectivity at the tactical edge.

This paper highlights the progress toward securing teleoperating devices over the past ten years of active technology development. The relevance of this issue lies in the widespread development of teleoperating systems with a small number of systems allowed for operations. Anomalous behavior of the operating device, caused by a disruption in the normal functioning of the system modules, can be associated with remote attacks and exploitation of vulnerabilities, which can lead to fatal consequences. There are regulations and mandates from licensing agencies such as the US Food and Drug Administration (FDA) that place restrictions on the architecture and components of teleoperating systems. These requirements are also evolving to meet new cybersecurity threats. In particular, consumers and safety regulatory agencies are attracted by the threat of compromising hardware modules along with software insecurity. Recently, detailed security frameworks and protocols for teleoperating devices have appeared. However, a matter of intelligent autonomous controllers for analyzing anomalous and suspicious actions in the system remain unattended, as well as emergency protocols from the point of cybersecurity view. This work provides a new approach for the intraoperative cybersecurity of intelligent teleoperative surgical systems, taking into account modern requirements for implementing into the Surgical Remote Intelligent Robotic System LevshAI. The proposed principal security model allows a surgeon or autonomous agent to manage the operation process during various attacks.

Nowadays, the Internet has been greatly popularized and penetrated into all aspects of people s lives. In the campus, the level of network construction has also been continuously improved. However, the issue of campus network security has become an important issue that the whole society is concerned about. The research of this paper focuses on this hot spot, and based on the actual situation and characteristics of the campus network in the specific research process, using the relevant network security technology to develop an intelligent monitoring campus network security system optimization model, through the module test and performance test of the system optimization model, the test results verify that the system in this paper can effectively prevent network attacks, monitor campus network security, and ensure the practicability and scientificity of the system.

Cooperative autonomous systems are a priority objective for military research \& development of unmanned vehicles. Drone teams are one of the most prominent applications of cooperative unmanned systems and represent an ideal solution for providing both autonomous detection and recognition within security surveillance and monitoring. Here, a drone team may be arranged as a mobile and cooperative sensor network, whose coordination mechanism shall ensure real-time reconfiguration and sensing task balancing within the team. This work proposes a dynamic and decentralized mission planner of a drone team to attain a cooperative behaviour concerning detection and recognition for security surveillance. The design of the planner exploits multi-agent task allocation and game theory, and is based on the theory of learning in games to implement a scalable and resilient system. Model-in-the-loop simulation results are reported to validate the effectiveness of the proposed approach.

Multi-agent systems offer the advantage of performing tasks in a distributed and decentralized manner, thereby increasing efficiency and effectiveness. However, building these systems also presents challenges in terms of communication, security, and data integrity. Blockchain technology has the potential to address these challenges and to revolutionize the way that data is stored and shared, by providing a tamper-evident log of events in event-driven distributed multi-agent systems. In this paper, we propose a blockchain-based approach for event-sourcing in such systems, which allows for the reliable and transparent recording of events and state changes. Our approach leverages the decentralized nature of blockchains to provide a tamperresistant event log, enabling agents to verify the integrity of the data they rely on.