MANET Privacy - Various routing methods and approaches are being integrated into wireless networks, making it a topic for future investigation. The two primary wireless routing issues under research are security and congestion reduction. The bulk of security research relies on key-based approaches or third-party trust control systems. The routing protocol would be secured by validating a nonblocking identity, which is relayed to each site via protocol, according to the study's enhanced route security. Adhoc upon Request Vertical (AODV) connectivity is a dynamically routing technique that chooses the best route based on the databases of its neighbors. The research in this article emphasizes privacy for routing security, and simulators are given to show the improved delivery ratio, speed, end-to-end lag, and reduced packet loss rate of the Ad hoc On Requirement Done Accordingly (AODV) networking protocol. Attacks are deliberately avoided by modifying the basic implementation of the AODV networking protocol. Further suggestions made in this research include the deployment of an access control strategy and distinctive key-based verification for AODV. There is always a need for research in this area since security measures might have a detrimental influence on the functioning of the system in place. There is an urgent need for continued study in this area but since audiovisual and audio industries are growing quickly.

MANET Privacy - The Vehicular Ad hoc Network (VANET) is a new type of Mobile ad hoc networks. The VANET can be seen on the street, with automobiles acting as network nodes. VANET implementations such as engaged confidentiality and navigation systems require appropriate vehicle-to-vehicle technological tools, particularly routing innovation. A Vehicular Ad hoc NETwork (VANET) is a self-organized system made up of linked vehicles that enables for the timely transmission of relevant traffic data. A grouping approach is designed due to VANET properties such as dynamic nature and high response. Then a secure algorithm is designed for secure transmissions. The results analysis was performed in terms of packet delivery ratio (PDR), end-to-end delay, and throughput. The throughput was compared with existing works and it shows approx. 35% of improvement.

MANET Privacy - In Mobile Adhoc Networks (MANETs), resilient optimization is based on the least energy utilization as well as privacy. The crucial concerns for the productive design to provide multi-hop routing are security and energy consumption. Concerning these problems, we present in this paper an author proposed routing protocol called Protected Quality of Service (QoS) aware Energy Efficient Routing protocol. It is developed on trust along with energy efficiency and points to improve MANET security. The proposed work utilizes an identification methodology in the company of a key based safety feature for assigning trust ratings. This study also determines three categories of trust ratings, including direct, indirect, and overall trust scores, beneficial to increase communication security. The head of a cluster is selected among the nodes based on QoS metrics and scores of the trust which is referred to as a cluster based secured routing approach. Finally, to carry out the safe routing procedure as efficiently as possible, the required final path that is picked depends on path trust, energy consumption, and hop number. The suggested work was evaluated via simulations using the Ns2 simulator. The proposed strategy beats others in the matter of enhanced delivery rate of the packets, lifetime of a network, and security according to the simulation findings. Further, the proposed safe routing technique saves time and energy as compared to current relevant secure routing methods.

Malware Analysis - The rapid development of network information technology, individual’s information networks security has become a very critical issue in our daily life. Therefore, it is necessary to study the malware propagation model system. In this paper, the traditional integer order malware propagation model system is extended to the field of fractional-order. Then we analyze the asymptotic stability of the fractional-order malware propagation model system when the equilibrium point is the origin and the time delay is 0. Next, the asymptotic stability and bifurcation analysis of the fractional-order malware propagation model system when the equilibrium point is the origin and the time delay is not 0 are carried out. Moreover, we study the asymptotic stability of the fractional-order malware propagation model system with an interior equilibrium point. In the end, so as to verify our theoretical results, many numerical simulations are provided.

Malware Analysis - Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

Malware Analysis - Android malware is continuously evolving at an alarming rate due to the growing vulnerabilities. This demands more effective malware detection methods. This paper presents DynaMalDroid, a dynamic analysis-based framework to detect malicious applications in the Android platform. The proposed framework contains three modules: dynamic analysis, feature engineering, and detection. We utilized the well-known CICMalDroid2020 dataset, and the system calls of apps are extracted through dynamic analysis. We trained our proposed model to recognize malware by selecting features obtained through the feature engineering module. Further, with these selected features, the detection module applies different Machine Learning classifiers like Random Forest, Decision Tree, Logistic Regression, Support Vector Machine, Naïve-Bayes, K-Nearest Neighbour, and AdaBoost, to recognize whether an application is malicious or not. The experiments have shown that several classifiers have demonstrated excellent performance and have an accuracy of up to 99\%. The models with Support Vector Machine and AdaBoost classifiers have provided better detection accuracy of 99.3\% and 99.5\%, respectively.

Malware Analysis - Malware attacks in the cyber world continue to increase despite the efforts of Malware analysts to combat this problem. Recently, Malware samples have been presented as binary sequences and assembly codes. However, most researchers focus only on the raw Malware sequence in their proposed solutions, ignoring that the assembly codes may contain important details that enable rapid Malware detection. In this work, we leveraged the capabilities of deep autoencoders to investigate the presence of feature disparities in the assembly and raw binary Malware samples. First, we treated the task as outliers to investigate whether the autoencoder would identify and justify features as samples from the same family. Second, we added noise to all samples and used Deep Autoencoder to reconstruct the original samples by denoising. Experiments with the Microsoft Malware dataset showed that the byte samples features differed from the assembly code samples.

Malware Analysis - The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Malware Analysis - The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.

Malware Analysis - Malwares are designed to cause harm to the machine without the user s knowledge. Malwares belonging to different families infect the system in its own unique way causing damage which could be irreversible and hence there is a need to detect and analyse the malwares. Manual analysis of all types of malwares is not a practical approach due to the huge effort involved and hence Automated Malware Analysis is resorted to so that the burden on humans can be decreased and the process is made robust. A lot of Automated Malware Analysis tools are present right now both offline and online but the problem arises as to which tool to select while analysing a suspicious binary. A comparative analysis of three most widely used automated tools has been done with different malware class samples. These tools are Cuckoo Sandbox, Any. Run and Intezer Analyze. In order to check the efficacy of the tool in both online and offline analysis, Cuckoo Sandbox was configured for offline use, and Any. Run and Intezer Analyze were configured for online analysis. Individual tools analyse each malware sample and after analysis is completed, a comparative chart is prepared to determine which tool is good at finding registry changes, processes created, files created, network connections, etc by the malicious binary. The findings conclude that Intezer Analyze tool recognizes file changes better than others but otherwise Cuckoo Sandbox and Any. Run tools are better in determining other functionalities.

Malware Analysis - The static and dynamic malware analysis are used by industrialists and academics to understand malware capabilities and threat level. The antimalware industries calculate malware threat levels using different techniques which involve human involvement and a large number of resources and analysts. As malware complexity, velocity and volume increase, it becomes impossible to allocate so many resources. Due to this reason, it is projected that the number of malware apps will continue to rise, and that more devices will be targeted in order to commit various sorts of cybercrime. It is therefore necessary to develop techniques that can calculate the damage or threat posed by malware automatically as soon as it is identified. In this way, early warnings about zero-day (unknown) malware can assist in allocating resources for carrying out a close analysis of it as soon as it is identified. In this paper, a fuzzy modelling approach is described for calculating the potential risk of malicious programs through static malware analysis.

Malware Analysis - Any software that runs malicious payloads on victims’ computers is referred to as malware. It is an increasing threat that costs people, businesses, and organizations a lot of money. Attacks on security have developed significantly in recent years. Malware may infiltrate both offline and online media, like: chat, SMS, and spam (email, or social media), because it has a built-in defensive mechanism and may conceal itself from antivirus software or even corrupt it. As a result, there is an urgent need to detect and prevent malware before it damages critical assets around the world. In fact, there are lots of different techniques and tools used to combat versus malware. In this paper, the malware samples were analyzing in the Virtual Box environment using in-depth analysis based on reverse engineering using advanced static malware analysis techniques. The results Obtained from malware analysis which represent a set of valuable information, all anti-malware and anti-virus program companies need for in order to update their products.

Malware Analysis - This document addresses the issue of the actual security level of PDF documents. Two types of detection approaches are utilized to detect dangerous elements within malware: static analysis and dynamic analysis. Analyzing malware binaries to identify dangerous strings, as well as reverse-engineering is included in static analysis for t1he malware to disassemble it. On the other hand, dynamic analysis monitors malware activities by running them in a safe environment, such as a virtual machine. Each method has its own set of strengths and weaknesses, and it is usually best to employ both methods while analyzing malware. Malware detection could be simplified without sacrificing accuracy by reducing the number of malicious traits. This may allow the researcher to devote more time to analysis. Our worry is that there is no obvious need to identify malware with numerous functionalities when it isn t necessary. We will solve this problem by developing a system that will identify if the given file is infected with malware or not.

Information Reuse and Security - In software engineering, the aspect of addressing security requirements is considered to be of paramount importance. In most cases, however, security requirements for a system are considered as non-functional requirements (NFRs) and are addressed at the very end of the software development life cycle. The increasing number of security incidents in software systems around the world has made researchers and developers rethink and consider this issue at an earlier stage. An important and essential step towards this process is the elicitation of relevant security requirements. In a recent work, Imtiaz et al. proposed a framework for creating a mapping between existing requirements and the vulnerabilities associated with them. The idea is that, this mapping can be used by developers to predict potential vulnerabilities associated with new functional requirements and capture security requirements to avoid these vulnerabilities. However, to what extent, such existing vulnerability information can be useful in security requirements elicitation is still an open question. In this paper, we design a human subject study to answer this question. We also present the results of a pilot study and discuss their implications. Preliminary results show that existing vulnerability information can be a useful resource in eliciting security requirements and lays ground work for a full scale study.

Information Reuse and Security - New malware increasingly adopts novel fileless techniques to evade detection from antivirus programs. Process injection is one of the most popular fileless attack techniques. This technique makes malware more stealthy by writing malicious code into memory space and reusing the name and port of the host process. It is difficult for traditional security software to detect and intercept process injections due to the stealthiness of its behavior. We propose a novel framework called ProcGuard for detecting process injection behaviors. This framework collects sensitive function call information of typical process injection. Then we perform a fine-grained analysis of process injection behavior based on the function call chain characteristics of the program, and we also use the improved RCNN network to enhance API analysis on the tampered memory segments. We combine API analysis with deep learning to determine whether a process injection attack has been executed. We collect a large number of malicious samples with process injection behavior and construct a dataset for evaluating the effectiveness of ProcGuard. The experimental results demonstrate that it achieves an accuracy of 81.58\% with a lower false-positive rate compared to other systems. In addition, we also evaluate the detection time and runtime performance loss metrics of ProcGuard, both of which are improved compared to previous detection tools.

Information Reuse and Security - In Production System Engineering (PSE), domain experts from different disciplines reuse assets such as products, production processes, and resources. Therefore, PSE organizations aim at establishing reuse across engineering disciplines. However, the coordination of multi-disciplinary reuse tasks, e.g., the re-validation of related assets after changes, is hampered by the coarse-grained representation of tasks and by scattered, heterogeneous domain knowledge. This paper introduces the Multi-disciplinary Reuse Coordination (MRC) artifact to improve task management for multi-disciplinary reuse. For assets and their properties, the MRC artifact describes sub-tasks with progress and result states to provide references for detailed reuse task management across engineering disciplines. In a feasibility study on a typical robot cell in automotive manufacturing, we investigate the effectiveness of task management with the MRC artifact compared to traditional approaches. Results indicate that the MRC artifact is feasible and provides effective capabilities for coordinating multi-disciplinary re-validation after changes.

Information Reuse and Security - Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity.

Information Reuse and Security - Common Vulnerabilities and Exposures (CVE) databases contain information about vulnerabilities of software products and source code. If individual elements of CVE descriptions can be extracted and structured, then the data can be used to search and analyze CVE descriptions. Herein we propose a method to label each element in CVE descriptions by applying Named Entity Recognition (NER). For NER, we used BERT, a transformer-based natural language processing model. Using NER with machine learning can label information from CVE descriptions even if there are some distortions in the data. An experiment involving manually prepared label information for 1000 CVE descriptions shows that the labeling accuracy of the proposed method is about 0.81 for precision and about 0.89 for recall. In addition, we devise a way to train the data by dividing it into labels. Our proposed method can be used to label each element automatically from CVE descriptions.

Information Reuse and Security - Successive approximation register analog-to-digital converter (SAR ADC) is widely adopted in the Internet of Things (IoT) systems due to its simple structure and high energy efficiency. Unfortunately, SAR ADC dissipates various and unique power features when it converts different input signals, leading to severe vulnerability to power side-channel attack (PSA). The adversary can accurately derive the input signal by only measuring the power information from the analog supply pin (AVDD), digital supply pin (DVDD), and/or reference pin (Ref) which feed to the trained machine learning models. This paper first presents the detailed mathematical analysis of power side-channel attack (PSA) to SAR ADC, concluding that the power information from AVDD is the most vulnerable to PSA compared with the other supply pin. Then, an LSB-reused protection technique is proposed, which utilizes the characteristic of LSB from the SAR ADC itself to protect against PSA. Lastly, this technique is verified in a 12-bit 5 MS/s secure SAR ADC implemented in 65nm technology. By using the current waveform from AVDD, the adopted convolutional neural network (CNN) algorithms can achieve \textgreater99\% prediction accuracy from LSB to MSB in the SAR ADC without protection. With the proposed protection, the bit-wise accuracy drops to around 50\%.

Information Reuse and Security - The experimental results demonstrated that, With the development of cloud computing, more and more people use cloud computing to do all kinds of things. However, for cloud computing, the most important thing is to ensure the stability of user data and improve security at the same time. From an analysis of the experimental results, it can be found that Cloud computing makes extensive use of technical means such as computing virtualization, storage system virtualization and network system virtualization, abstracts the underlying physical facilities into external unified interfaces, maps several virtual networks with different topologies to the underlying infrastructure, and provides differentiated services for external users. By comparing and analyzing the experimental results, it is clear that virtualization technology will be the main way to solve cloud computing security. Virtualization technology introduces a virtual layer between software and hardware, provides an independent running environment for applications, shields the dynamics, distribution and differences of hardware platforms, supports the sharing and reuse of hardware resources, provides each user with an independent and isolated computer environment, and facilitates the efficient and dynamic management and maintenance of software and hardware resources of the whole system. Applying virtualization technology to cloud security reduces the hardware cost and management cost of "cloud security" enterprises to a certain extent, and improves the security of "cloud security" technology to a certain extent. This paper will outline the basic cloud computing security methods, and focus on the analysis of virtualization cloud security technology

Information Reuse and Security - Code-reuse attacks (including ROP/JOP) severely threaten computer security. Control-flow integrity (CFI), which can restrict control flow in legal scope, is recognised as an effective defence mechanism against code-reuse attacks. Hardware-based CFI uses Instruction Set Architecture (ISA) extensions with additional hardware modules to implement CFI and achieve better performance. However, hardware-based fine-grained CFI adds new instructions to the ISA, which can not be executed on old processors and breaks the compatibility of programs. Some coarse-grained CFI designs, such as Intel IBT, maintain the compatibility of programs but can not provide enough security guarantees.To balance the security and compatibility of hardware CFI, we propose Transparent Forward CFI (TFCFI). TFCFI implements hardware-based fine-grained CFI designs without changing the ISA. The software modification of TFCFI utilizes address information and hint instructions in RISC-V as transparent labels to mark the program. The hardware module of TFCFI monitors the control flow during execution. The program modified by TFCFI can be executed on old processors without TFCFI. Benefiting from transparent labels, TFCFI also solves the destination equivalence problem. The experiment on FPGA shows that TFCFI incurs negligible performance overhead (1.82\% on average).

Information Reuse and Security - With the development of software defined network and network function virtualization, network operators can flexibly deploy service function chains (SFC) to provide network security services more than before according to the network security requirements of business systems. At present, most research on verifying the correctness of SFC is based on whether the logical sequence between service functions (SF) in SFC is correct before deployment, and there is less research on verifying the correctness after SFC deployment. Therefore, this paper proposes a method of using Colored Petri Net (CPN) to establish a verification model offline and verify whether each SF deployment in SFC is correct after online deployment. After the SFC deployment is completed, the information is obtained online and input into the established model for verification. The experimental results show that the SFC correctness verification method proposed in this paper can effectively verify whether each SF in the deployed SFC is deployed correctly. In this process, the correctness of SF model is verified by using SF model in the model library, and the model reuse technology is preliminarily discussed.

Information Reuse and Security - At present, code reuse attacks, such as Return Oriented Programming (ROP), execute attacks through the code of the application itself, bypassing the traditional defense mechanism and seriously threatening the security of computer software. The existing two mainstream defense mechanisms, Address Space Layout Randomization (ASLR), are vulnerable to information disclosure attacks, and Control-Flow Integrity (CFI) will bring high overhead to programs. At the same time, due to the widespread use of software of unknown origin, there is no source code provided or available, so it is not always possible to secure the source code. In this paper, we propose FRCFI, an effective method based on binary rewriting to prevent code reuse attacks. FRCFI first disrupts the program s memory space layout through function shuffling and NOP insertion, then verifies the execution of the control-flow branch instruction ret and indirect call/jmp instructions to ensure that the target address is not modified by attackers. Experiment show shows that FRCFI can effectively defend against code reuse attacks. After randomization, the survival rate of gadgets is only 1.7\%, and FRCFI adds on average 6.1\% runtime overhead on SPEC CPU2006 benchmark programs.

Intrusion Intolerance - Low Power Wide Area Networks (LPWAN) offer a promising wireless communications technology for Internet of Things (IoT) applications. Among various existing LPWAN technologies, Long-Range WAN (LoRaWAN) consumes minimal power and provides virtual channels for communication through spreading factors. However, LoRaWAN suffers from the interference problem among nodes connected to a gateway that uses the same spreading factor. Such interference increases data communication time, thus reducing data freshness and suitability of LoRaWAN for delay-sensitive applications. To minimize the interference problem, an optimal allocation of the spreading factor is requisite for determining the time duration of data transmission. This paper proposes a game-theoretic approach to estimate the time duration of using a spreading factor that ensures on-time data delivery with maximum network utilization. We incorporate the Age of Information (AoI) metric to capture the freshness of information as demanded by the applications. Our proposed approach is validated through simulation experiments, and its applicability is demonstrated for a crop protection system that ensures real-time monitoring and intrusion control of animals in an agricultural field. The simulation and prototype results demonstrate the impact of the number of nodes, AoI metric, and game-theoretic parameters on the performance of the IoT network.

Intrusion Intolerance - While our society accelerates its transition to the Internet of Things, billions of IoT devices are now linked to the network. While these gadgets provide enormous convenience, they generate a large amount of data that has already beyond the network’s capacity. To make matters worse, the data acquired by sensors on such IoT devices also include sensitive user data that must be appropriately treated. At the moment, the answer is to provide hub services for data storage in data centers. However, when data is housed in a centralized data center, data owners lose control of the data, since data centers are centralized solutions that rely on data owners’ faith in the service provider. In addition, edge computing enables edge devices to collect, analyze, and act closer to the data source, the challenge of data privacy near the edge is also a tough nut to crack.A large number of user information leakage both for IoT hub and edge made the system untrusted all along. Accordingly, building a decentralized IoT system near the edge and bringing real trust to the edge is indispensable and significant. To eliminate the need for a centralized data hub, we present a prototype of a unique, secure, and decentralized IoT framework called Reja, which is built on a permissioned Blockchain and an intrusion-tolerant messaging system ChiosEdge, and the critical components of ChiosEdge are reliable broadcast and BFT consensus. We evaluated the latency and throughput of Reja and its sub-module ChiosEdge.