Vulnerability Detection 2022 - The increasing number of software vulnerabilities poses serious security attacks and lead to system compromise, information leakage or denial of service. It is a challenge to further improve the vulnerability detection technique. Nowadays most applications are implemented using C/C++. In this paper we focus on the detection of overflow vulnerabilities in C/C++ source code. A novel scheme named VulMiningBGS (Vulnerability Mining Based on Graph Similarity) is proposed. We convert the source code into Top N-Weighted Range Sum Feature Graph (TN-WRSFG), and graph similarity comparisons based on source code level can be effectively carried on to detect possible vulnerabilities. Three categories of vulnerabilities in the Juliet test suite are used, i.e., CWE121, CWE122 and CWE190, with four indicators for performance evaluation (precision, recall, accuracy and F1_score). Experimental results show that our scheme outperforms the traditional methods, and is effective in the overflow vulnerability detection for C/C++ source code.
Authored by Zihan Yu, Jintao Xue, Xin Sun, Wen Wang, Yubo Song, Liquan Chen, Zhongyuan Qin
Vulnerability Detection 2022 - The increasing number of security vulnerabilities has become an important problem that needs to be solved urgently in the field of software security, which means that the current vulnerability mining technology still has great potential for development. However, most of the existing AI-based vulnerability detection methods focus on designing different AI models to improve the accuracy of vulnerability detection, ignoring the fundamental problems of data-driven AI-based algorithms: first, there is a lack of sufficient high-quality vulnerability data; second, there is no unified standardized construction method to meet the standardized evaluation of different vulnerability detection models. This all greatly limits security personnel’s in-depth research on vulnerabilities. In this survey, we review the current literature on building high-quality vulnerability datasets, aiming to investigate how state-of-the-art research has leveraged data mining and data processing techniques to generate vulnerability datasets to facilitate vulnerability discovery. We also identify the challenges of this new field and share our views on potential research directions.
Authored by Yuhao Lin, Ying Li, MianXue Gu, Hongyu Sun, Qiuling Yue, Jinglu Hu, Chunjie Cao, Yuqing Zhang
Visible Light Security 2022 - In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.
Authored by Syed Hasan, Mostafa Chowdhury, Md. Saiam
Visible Light Security 2022 - To realize indoor long-distance uplink visible light communication from a smartphone screen to a telephoto camera, wide-angle physical layer security of low-luminance wavelength division multiplexing / space division multiplexing screen is investigated with a numerical model and experiments. Dual-wavelength space division multiplexing not only doubles the data rate of single wavelength one, but also helps enhance the wide-angle physical layer security.
Authored by Alisa Kawade, Wataru Chujo, Kentaro Kobayashi
Visible Light Security 2022 - The world moves towards innovation; internet and mobile users are rising tremendously, and there is a desire for high-speed and uninterrupted internet access. Because of its high speed, improved bandwidth, and security, everyone is now interested in a new emergent wireless communication technology called Visible Light Communication (VLC). A VLC system with and without noise has been developed and modelled using an optical source of 450 nm LED wavelength and photodiode as a receiver. For noise, white light source is used that has an impact on the performance and quality of the VLC system. At the receiver side, Trapezoidal Optical Filter is employed before the photo detector to reduce ambient light noise, enhance the Q-factor, Bit Error Rate and provides a clear eye diagram. This paper also discusses the effect of Bit Rate with LED Bandwidth and Q-factor. Optisystem-7 software is used to simulate the circuits. In this work, the performance is assessed using Bit Error Rate and Q-factor values, as well as an eye diagram for improved communication and the use of a rectangular optical filter and polarizer to separate the sequences at the receiver side when they are sharing the same channel at the same time.
Authored by Hasnain Ali, Saleem Shahid
Visible Light Security 2022 - Wrist-worn devices enable access to essential information and they are suitable for a wide range of applications, such as gesture and activity recognition. Wrist-worn devices require appropriate technologies when used in sensitive areas, overcoming vulnerabilities in regard to security and privacy. In this work, we propose an approach to recognize wrist rotation by utilizing Visible Light Communication (VLC) that is enabled by low-cost LEDs in an indoor environment. In this regard, we address the channel model of a VLC communicating wristband (VLCcw) in terms of the following factors: the directionality and the spectral composition of the light and the corresponding spectral sensitivity and the directional characteristics of the utilized photodiode (PD). We verify our VLCcw from the simulation environment by a small-scale experimental setup. Then, we analyze the system when white and RGBW LEDs are used. In addition, we optimized the VLCcw system by adding more receivers for the purpose of reducing the number of LEDs on VLCcw. Our results show that the proposed approach generates a feasible real-world simulation environment.
Authored by Saman Zahiri-Rad, Ziad Salem, Andreas Weiss, Erich Leitgeb
Visible Light Security 2022 - Visible Light Communication (VLC) is one of the technologies for the sixth generation (6G) wireless communication and also broadcast system. VLC systems are more resistant against Radio Frequency interference and unsusceptible to security like most RF wireless networks. Hence, VLC is one of the suitable candidates for enforcing data security in future wireless networks. This paper considers improving the security of the next generation of wireless communications by using wireless device fingerprints in visible light communication, which could be used potentially for ATSC broadcasting applications. In particular, we aim to provide a detailed proposal for developing novel wireless security solutions using Visible light communication device fingerprinting techniques. The objectives are two-fold: (1) to provide a systematic review of AI-based wireless device fingerprint identification method and (2) to identify VLC transmitter, with respect to the ATSC physical layer modulation scheme, by analysing the differences in the modulated constellations signaled received by photo-diode, which will be proved by laboratory experimentation.
Authored by Ziqi Liu, Dayu Shi, Samia Oukemeni, Xun Zhang
Visible Light Security 2022 - In this paper, we address the secure data transmission through visible light communication (VLC) using physical layer security (PLS) techniques and particularly, optical beamforming with the zero-forcing algorithm. More precisely, we consider the secrecy capacity of classical multiple-input single-output VLC so that the system can deal with eavesdroppers by minimizing the secrecy outage probability (SOP). The considered wireless channel is modeled by the Gaussian distribution, which is subject to amplitude constraints. We quantify the achievable secrecy capacity and SOP for the conventional line-of-sight VLC link and show how the beamforming can determine the optimal placement of the transmitters. We also show that for a given SOP, the proposed optimal placement offers a signal-to-noise ratio gain of up to 6 dB compared to classical methods such as uniform placement of the transmitters. Our numerical results indicate that the proposed optimal LED arrangement can achieve an SOP of 10^-10 while the SOP with uniform arrangement is equal to 10^-4.
Authored by Mahmoud Mohammadi, Seyed Sadough, Zabih Ghassemlooy
Visible Light Security 2022 - One of the critical components of the extracting and monitoring process in the gas and oil sector is the downhole telemetry system. As sensors resistant to high temperature and pressure have been developed, more parameters can be monitored to increase safety and efficiency. Increased bandwidth demand for downhole communications necessitated the development of a novel, dependable, and low-cost communication network. Visible light communications (VLC) have been suggested in the literature for downhole telemetry systems, since they can address the bandwidth needs thanks to the huge available spectrum. However, the gas types used in the literature so far are not sufficient enough to examine the real field conditions. In this study, after the challenges surrounding the use of VLC in downhole gas pipeline telemetry/monitoring systems are discussed, the performance of VLC is investigated by injecting a large variety of gas into the carbon steel covered gas pipeline, such as methane, ethane, and carbon dioxide. The effectiveness of the VLC system using a non-uniformly clipped optic orthogonal frequency division multiplexing (ACO-OFDM) modulation scheme with 128-FFT and guarding band is experimentally investigated. Furthermore, the impact of the light-emitting diode (LED) colors on a VLC-based downhole telemetry system is also discussed. The measurement results indicate that the color of the LED affects the performance as the dominance of the noise decreases after the 7 dB signal-to-noise ratio (SNR) region.
Authored by Hamda Al-Naimi, Gizem Sumen, Albertus Retnanto, Khalid Qaraqe
Visible Light Security 2022 - Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission, but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior to Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. A prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity. However, its major problem is that it only works when it is pointed directly at the target.
Authored by Alamgir Kabir, Md. Ahammed, Chinmoy Das, Mehedi Kaium, Md. Zardar, Soma Prathibha
Visible Light Security 2022 - We propose a novel security communication scheme for underwater visible light communication (UVLC) based on frequency domain symmetrical zero-padding and phase scrambling. The security key is a logistic mapping generated by chaos mapping. Robust security performance is experimentally demonstrated by a PAM-8 modulated UVLC system over 1.2 m underwater transmission link. The maximum data rate can be achieved at 2.025 Gb/s under 7% hard decision forward error correction (HD-FEC) limit of 3.8×10^-3, clearly verifying the feasibility of the proposed scheme as a promising solution in future UVLC system.
Authored by Zhilan Lu, Wenqing Niu, Nan Chi
Visible Light Security 2022 - Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of the authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.
Authored by Besra Çetindere, Cenk Albayrak, Kadir Türk
Web Caching Security 2022 - The world today is driving towards connections via the internet rather than social interaction. Hence modern-day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.
Authored by A Adarsh, Saran Karthik, S Aswath, Akash Sampath, S Pasupathy, S Umamaheshwari
Web Caching Security 2022 - Today’s web applications feature the proliferation of third-party JavaScript inclusion, which incurs a range of security risks. Although attack strategies by manipulating third-party JavaScript files have been widely investigated, the adverse impact caused by third-party JavaScript inclusion and caching does not receive much attention. Specifically, when a malicious script is cached, it can revive and bite every time when a user visits any website that includes it, leading to a much worse effect of the attack. In this paper, we present the first comprehensive study on Alexa top one million websites to investigate how likely third-party JavaScript inclusion and caching can make an attack large-scale and long-lasting, and further to uncover insecure practices that carelessly or inadvertently exacerbate the attack impact. We also discuss potential solutions to improve current practices to minimize the security risk associated with third-party JavaScript inclusion and caching.
Authored by Tao Hou, Shengping Bi, Mingkui Wei, Tao Wang, Zhuo Lu, Yao Liu
Science of Security 2022 - In order to overcome new business changes that bring new security threats and challenges to many Industrial Internet of Things (IIoT) fields such as smart grids, smart factories, and smart transportation, the paper proposed the architecture of the industrial Internet of Things system, and analyzed the security threats of the industrial Internet of Things system. Combining various attack methods, targeted security protection strategies for the perception layer, network layer, platform layer and application layer are designed. The results show that the security protection strategy can effectively meet the security protection requirements of IIoT systems.
Authored by Ping Yu, Yunxin Long, Hui Yan, Hanlin Chen, Xiaozhong Geng
Science of Security 2022 - To prevent all sorts of attacks, the technology of security service function chains (SFC) has been proposed in recent years, and it has become an attractive research highlight. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However, in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm (ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios, solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.
Authored by Weidong Xiao, Xu Zhang, Dongbin Wang
Science of Security 2022 - As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.
Authored by Jun Sun, Dong Liu, Yang Liu, Chuang Li, Yumeng Ma
Science of Security 2022 - Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.
Authored by Jeong Yang, Young Kim, Brandon Earwood
Science of Security 2022 - With the proposal of the major strategy of "network power" and the establishment of the first level discipline of "Cyberspace security", the training of Cyberspace security talents in China has entered a period of strategic development. Firstly, this paper defines the concept of postgraduate education quality, and analyzes the characteristics of postgraduate education and its quality guarantee of Cyberspace security specialty, especially expounds the difference with information security major. Then, on the basis of introducing the concept of comprehensive quality, this paper expounds the feasibility and necessity of establishing the quality guarantee system of Cyberspace security postgraduate education based on comprehensive view under the background of new engineering. Finally, the idea of total quality management is applied to the training process of postgraduate in Cyberspace security. Starting from the four aspects of establishing a standard system, optimizing the responsibility team, innovating the evaluation mechanism and creating a cultural environment, the framework of quality guarantee system for the training of postgraduate in Cyberspace security based on a comprehensive view is constructed.
Authored by Yi Guo, Juwei Yan, Lianchenz Zhang, Wenwen Du, Lanxin Cheng
Science of Security 2022 - This paper introduces the principle of public security electronic fence, analyzes the current situation and future demand of public security electronic fence application in policing, and points out the problems in equipment deployment. A public security electronic fence deployment method based on an improved artificial immunity algorithm is proposed for the above scenario, and specific solutions are given for model establishment, parameter settings, and other problems. Finally, an arithmetic analysis of the simulated scenario is carried out, and the results show that the results of using the improved immune algorithm to solve the public security electronic fence deployment problem are very reasonable and reliable, and have wide reference and promotion significance.
Authored by Dandan Ding, Fanliang Bu, Zhexin Hu
Science of Security 2022 - In this paper, the reader’s attention is directed to the problem of inefficiency of the add-on information security tools that are installed in operating systems, including virtualization systems. The paper shows the disadvantages that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.
Authored by Anastasiya Veremey, Vladimir Kustov, Renjith Ravi V
Science of Security 2022 - To improve the quality of network security service, the physical device service mode in traditional security service is improved, and the NFV network security service system is constructed by combining software defined networking (SDN) and network function virtualization technology (NFV). Where, network service is provided in the form of security service chain, and Web security scan service is taken as the task, finally the implementation and verification of the system are carried out. The test result shows that the security service system based on NFV can balance the load between the security network service devices in the Web security scan, which proves that the network security system based on software defined security and NFV technology can meet certain service requirements, and lays the research foundation for the improvement of the subsequent user network security service.
Authored by Lei Wang, SiJiang Xie, Can Cao, Chen Li