Intellectual Property Security - The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP s structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.

Intellectual Property Security - In the process of crowdsourced testing service, the intellectual property of crowdsourced testing has been faced with problems such as code plagiarism, difficulties in confirming rights and unreliability of data. Blockchain is a decentralized, tamper-proof distributed ledger, which can help solve current problems. This paper proposes an intellectual property right confirmation system oriented to crowdsourced testing services, combined with blockchain, IPFS (Interplanetary file system), digital signature, code similarity detection to realize the confirmation of crowdsourced testing intellectual property. The performance test shows that the system can meet the requirements of normal crowdsourcing business as well as high concurrency situations.

Insider Threat - Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.

Insider Threat - Insider threats have high risk and concealment characteristics, which makes traditional anomaly detection methods less effective in insider threat detection. Existing detection methods ignore the logical relationship between user behaviors and the consistency of behavior sequences among homogeneous users, resulting in poor model effects. We propose an insider threat detection method based on internal user heterogeneous graph embedding. Firstly, according to the characteristics of CERT data, comprehensively consider the relationship between users, the time sequence, and logical relationship, and construct a heterogeneous graph. In the second step, according to the characteristics of heterogeneous graphs, the embedding learning of graph nodes is carried out according to random walk and Word2vec. Finally, we propose an Insider Threat Detection Design (ITDD) model which can map and the user behavior sequence information into a high-dimensional feature space. In the CERT r5.2 dataset, compared with a variety of traditional machine learning methods, the effect of our method is significantly better than the final result.

Insider Threat - Web services are growing demand with fundamental advancements and have given more space to researchers for improving security of all real world applications. Accessing and get authenticated in many applications on web services, user discloses their password and other privacy data to the server for authentication purposes. These shared information should be maintained by the server with high security, otherwise it can be used for illegal purposes for any authentication breach. Protecting the applications from various attacks is more important. Comparing the security threats, insider attacks are most challenging to identify due to the fact that they use the authentication of legitimate users and their privileges to access the application and may cause serious threat to the application. Insider attacks has been studied in previous researchers with different security measures, however there is no much strong work proposed. Various security protocols were proposed for defending insider attackers. The proposed work focused on insider attack protection through Elgamal cryptography technique. The proposed work is much effective on insider attacks and also defends against various attacks. The proposed protocol is better than existing works. The key computation cost and communication cost is relatively low in this proposed work. The proposed work authenticates the application by parallel process of two way authentication mechanism through Elgamal algorithm.

Insider Threat - Among the greatest obstacles in cybersecurity is insider threat, which is a well-known massive issue. This anomaly shows that the vulnerability calls for specialized detection techniques, and resources that can help with the accurate and quick detection of an insider who is harmful. Numerous studies on identifying insider threats and related topics were also conducted to tackle this problem are proposed. Various researches sought to improve the conceptual perception of insider risks. Furthermore, there are numerous drawbacks, including a dearth of actual cases, unfairness in drawing decisions, a lack of self-optimization in learning, which would be a huge concern and is still vague, and the absence of an investigation that focuses on the conceptual, technological, and numerical facets concerning insider threats and identifying insider threats from a wide range of perspectives. The intention of the paper is to afford a thorough exploration of the categories, levels, and methodologies of modern insiders based on machine learning techniques. Further, the approach and evaluation metrics for predictive models based on machine learning are discussed. The paper concludes by outlining the difficulties encountered and offering some suggestions for efficient threat identification using machine learning.

Insider Threat - In recent years, data security incidents caused by insider threats in distributed file systems have attracted the attention of academia and industry. The most common way to detect insider threats is based on user profiles. Through analysis, we realize that based on existing user profiles are not efficient enough, and there are many false positives when a stable user profile has not yet been formed. In this work, we propose personalized user profiles and design an insider threat detection framework, which can intelligently detect insider threats for securing distributed file systems in real-time. To generate personalized user profiles, we come up with a time window-based clustering algorithm and a weighted kernel density estimation algorithm. Compared with non-personalized user profiles, both the Recall and Precision of insider threat detection based on personalized user profiles have been improved, resulting in their harmonic mean F1 increased to 96.52\%. Meanwhile, to reduce the false positives of insider threat detection, we put forward operation recommendations based on user similarity to predict new operations that users will produce in the future, which can reduce the false positive rate (FPR). The FPR is reduced to 1.54\% and the false positive identification rate (FPIR) is as high as 92.62\%. Furthermore, to mitigate the risks caused by inaccurate authorization for users, we present user tags based on operation content and permission. The experimental results show that our proposed framework can detect insider threats more effectively and precisely, with lower FPR and high FPIR.

Insider Threat - A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.

Insider Threat - This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.

Insider Threat - This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.

Insider Threat - Insider threats are steadily increasing, and the damage is also enormous. To prevent insider threats, security solutions, such as DLP, SIEM, etc., are being steadily developed. However, they have limitations due to the high rate of false positives. In this paper, we propose a data analysis method and methodology for responding to a technology leak incident. The future study may be performed based on the proposed methodology.

Information Centric Networks - One of the most challenging issues facing Internet of Medical Things (IoMT) cyber defense is the complexity of their ecosystem coupled with the development of cyber-attacks. Medical equipments lack built-in security and are increasingly becoming connected. Moving beyond traditional security solutions becomes a necessity to protect patients and organizations. In order to effectively deal with the security risks of networked medical devices in such a complex and heterogeneous system, we need to measure security risks and prioritize mitigation actions. In this context, we propose a Fuzzy AHP-based method to assess security attributes of connected medical devices and compare different device models against a selected profile with regards to the user requirements. The proposal aims to empower user security awareness to make well-educated decisions.

Information Centric Networks - This work expands on our prior work on an architecture and supporting protocols to efficiently integrate constrained devices into an Information-Centric Network-based Internet of Things in a way that is both secure and scalable. In this work, we propose a scheme for addressing additional threats and integrating trust-based behavioral observations and attribute-based access control by leveraging the capabilities of less constrained coordinating nodes at the network edge close to IoT devices. These coordinating devices have better insight into the behavior of their constituent devices and access to a trusted overall security management cloud service. We leverage two modules, the security manager (SM) and trust manager (TM). The former provides data confidentiality, integrity, authentication, and authorization, while the latter analyzes the nodes behavior using a trust model factoring in a set of service and network communication attributes. The trust model allows trust to be integrated into the SM s access control policies, allowing access to resources to be restricted to trusted nodes.

Information Centric Networks - Named Data Networking (NDN) has been viewed as a promising future Internet architecture. It requires a new access control scheme to prevent the injection of unauthorized data request. In this paper, an access control supported by information service entity (ACISE) is proposed for NDN networks. A trust entity, named the information service entity (ISE), is deployed in each domain for the registration of the consumer and the edge router. The identity-based cryptography (IBC) is used to generate a private key for the authorized consumer at the ISE and to calculate a signature encapsulated in the Interest packet at the consumer. Therefore, the edge router could support the access control by the signature verification of the Interest packets so that no Interest packet from unauthorized consumer could be forwarded or replied. Moreover, shared keys are negotiated between authorized consumers and their edge routers. The subsequent Interest packets would be verified by the message authentication code (MAC) instead of the signature. The simulation results have shown that the ACISE scheme would achieve a similar response delay to the original NDN scheme when the NDN is under no attacks. However, the ACISE scheme is immune to the cache pollution attacks so that it could maintain a much smaller response delay compared to the other schemes when the NDN network is under the attacks.

Information Centric Networks - Tactical Data Link (TDL) is one of the important elements in Network Centric Warfare (NCW). TDL provides the means for rapid exchange of tactical information between air, ground, sea units and command centers. In military operations, TDL has high demands for resilience, responsiveness, reliability, availability and security. MANET has characteristics that are suitable for the combat environment, namely the ability to self-form and self-healing so that this network may be applied to the TDL system. To produce high performance in MANET adapted for TDL system, an efficient MAC Protocol method is needed. This paper provides a survey of several MAC Protocol methods on a tactical MANET. In this paper also suggests some improvements to the MANET MAC protocol to improve TDL system performance.

Information Centric Networks - Traffic in a backbone network has high forwarding rate requirements, and as the network gets larger, traffic increases and forwarding rates decrease. In a Software Defined Network (SDN), the controller can manage a global view of the network and control the forwarding of network traffic. A deterministic network has different forwarding requirements for the traffic of different priority levels. Static traffic load balancing is not flexible enough to meet the needs of users and may lead to the overloading of individual links and even network collapse. In this paper, we propose a new backbone network load balancing architecture - EDQN (Edge Deep Q-learning Network), which implements queue-based gate-shaping algorithms at the edge devices and load balancing of traffic on the backbone links. With the advantages of SDN, the link utilization of the backbone network can be improved, the delay in traffic transmission can be reduced and the throughput of traffic during transmission can be increased.

Information Centric Networks - Named in-network computing is an emerging technology of Named Data Networking (NDN). Through deploying the named computing services/functions on NDN router, the router can utilize its free resources to provide nearby computation for users while relieving the pressure of cloud and network edge. Benefitted from the characteristic of named addressing, named computing services/functions can be easily discovered and migrated in the network. To implement named in-network computing, integrating the computing services as Virtual Machines (VMs) into the software router is a feasible way, but how to effectively deploy the service VMs to optimize the local processing capability is still a challenge. Focusing on this problem, we first give the design of NDN-enabled software router in this paper, then propose a service earning based named service deployment scheme (SE-NSD). For available service VMs, SE-NSD not only considers their popularities but further evaluates their service earnings (processed data amount per CPU cycle). Through modelling the deployment problem as the knapsack problem, SE-NSD determines the optimal service VMs deployment scheme. The simulation results show that, comparing with the popularity-based deployment scheme, SE-NSD can promote about 30\% in-network computing capability while slightly reducing the service invoking RTT of user.

Information Centric Networks - The 6G wireless communication networks are being studied to build a powerful networking system with global coverage, enhanced spectral/energy/cost efficiency, better intelligent level and security. This paper presents a four-in-one networking paradigm named 3CL-Net that would broaden and strengthen the capabilities of current networking by introducing ubiquitous computing, caching, and intelligence over the communication connection to build 6G-required capabilities. To evaluate the practicability of 3CL-Net, this paper designs a platform based on the 3CL-Net architecture. The platform adopts leader-followers structure that could support all functions of 3CL-Net, but separate missions of 3CL-Net into two parts. Moreover, this paper has implemented part of functions as a prototype, on which some experiments are carried out. The results demonstrate that 3CL-Net is potential to be a practical and effective network paradigm to meet future requirements, meanwhile, 3CL-Net could motivate designs of related platforms as well.

Information Centric Networks - The 5G research community is increasingly leveraging the innovative features offered by Information Centric Networking (ICN). However, ICN’s fundamental features, such as in-network caching, make access control enforcement more challenging in an ICN-based 5G deployment. To address this shortcoming, we propose a Blockchain-based Decentralized Authentication Protocol (BDAP) which enables efficient and secure mobile user authentication in an ICN-based 5G network. We show that BDAP is robust against a variety of attacks to which mobile networks and blockchains are particularly vulnerable. Moreover, a preliminary performance analysis suggests that BDAP can reduce the authentication delay compared to the standard 5G authentication protocols.

Information Centric Networks - This paper proposes a Mobile IoT optimization method for Next-Generation networks by evaluating a series of named-based techniques implemented in Information-Centric Networking (ICN). The idea is based on the possibility to have a more suitable naming and forwarding mechanism to be implemented in IoT. The main advantage of the method is in achieving a higher success packet rate and data rate by following the proposed technique even when the device is mobile / roaming around. The proposed technique is utilizing a root prefix naming which allows faster process and dynamic increase for content waiting time in Pending Interest Table (PIT). To test the idea, a simulation is carried out by mimicking how IoT can be implemented, especially in smart cities, where a user can also travel and not be static. Results show that the proposed technique can achieve up to a 13\% interest success rate and an 18.7\% data rate increase compared to the well-known implementation algorithms. The findings allow for possible further cooperation of data security factors and ensuring energy reduction through leveraging more processes at the edge node.

Information Centric Networks - Internet architecture has transformed into a more complex form than it was about a decade back. Today the internet comprises multimedia information where services and web applications have started to shift their focus on content. In our perspective of communication systems, content-centric networking (CCN) proposes a new methodology. The use of cache memory at the network level is an important feature of this new architecture. This cache is intended to store transit details for a set period, and it is hoped that this capability will aid in network quality, especially in a rapidly increasing video streaming situation. Information-centric networking (ICN) is the one architecture that is seen as a possible alternative for shifting the Internet from a host-centric to a content-centric point-of-view. It focuses on data rather than content. CCN is more reliable when it comes to data delivery as it does not need to depend on location for data. CCN architecture is scalable, secure and provides mobility support. In this paper, we implement a ccnchat, a chat testing application, which is created with the help of libraries provided by Palo Alto Research Center (PARC) on local area network (LAN) between two users and demonstrate the working of this local chat application over CCN network that works alongside existing IP infrastructure.

Information Forensics - Digital forensics is essential when performing in-depth crime investigations and evidence extraction, especially in the field of the Internet of Things, where there is a ton of information every second boosted with latest and smartest technological devices. However, the enormous growth of data and the nature of its complexity could constrain the data examination process since traditional data acquisition techniques are not applicable nowadays. Therefore, if the knowledge gap between digital forensics and the Internet of Things is not bridged, investigators will jeopardize the loss of a possible rich source of evidence that otherwise could act as a lead in solving open cases. The work aims to introduce examples of employing the latest Internet of Things forensics approaches as a panacea in this regard. The paper covers a variety of articles presenting the new Blockchain, fog, and video-based applications that can aid in easing the process of digital forensics investigation with a focus on the Internet of Things. The results of the review indicated that the above current trends are very promising procedures in the field of Internet of Things digital forensics and need to be explored and applied more actively.

Information Forensics - Access control includes authorization of security administrators and access of users. Aiming at the problems of log information storage difficulty and easy tampering faced by auditing and traceability forensics of authorization and access in cross-domain scenarios, we propose an access control auditing and traceability forensics method based on Blockchain, whose core is Ethereum Blockchain and IPFS interstellar mail system, and its main function is to store access control log information and trace forensics. Due to the technical characteristics of blockchain, such as openness, transparency and collective maintenance, the log information metadata storage based on Blockchain meets the requirements of distribution and trustworthiness, and the exit of any node will not affect the operation of the whole system. At the same time, by storing log information in the blockchain structure and using mapping, it is easy to locate suspicious authorization or judgment that lead to permission leakage, so that security administrators can quickly grasp the causes of permission leakage. Using this distributed storage structure for security audit has stronger anti-attack and anti-risk.

Information Forensics - With the inundation of more cost effective and improved flight performance Unmanned Aerial Vehicles (UAVs) into the consumer market, we have seen more uses of these for both leisure and business purposes. As such, demand for digital forensic examination on these devices has seen an increase as well. This research will explore and discuss the forensic examination process on one of the more popular brands of UAV in Singapore, namely DJI. The findings are from the examination of the exposed File Transfer Protocol (FTP) channel and the extraction of the Data-at-Rest on the memory chip of the drone. The extraction was done using the Chip-Off and Chip-On technique.

Information Forensics - With large advancements in image display technology, recapturing high-quality images from high-fidelity LCD screens becomes much easier. Such recaptured images can be used to hide image tampering traces and fool some intelligent identification systems. In order to prevent such a security loophole, we propose a recaptured image detection approach based on generalized central difference convolution (GCDC) network. Specifically, by using GCDC instead of vanilla convolution, more detailed features can be extracted from both intensity and gradient information from an image. Meanwhile, we concatenate the feature maps from multiple GCDC modules to fuse low-, mid-, and high-level features for higher performance. Extensive experiments on three public recaptured image databases demonstrate the superior of our proposed method when compared with the state-of-the-art approaches.