Network Security Resiliency - Trending towards autonomous transportation systems, modern vehicles are equipped with hundreds of sensors and actuators that increase the intelligence of the vehicles with a higher level of autonomy, as well as facilitate increased communication with entities outside the in-vehicle network.However, increase in a contact point with the outside world has exposed the controller area network (CAN) of a vehicle to remote security vulnerabilities. In particular, an attacker can inject fake high priority messages within the CAN through the contact points, while preventing legitimate messages from controlling the CAN (Denial-of-Service (DoS) attack). In this paper, we propose a Moving Target Defense (MTD) based mechanism to provide resiliency against DoS attack, where we shuffle the message priorities at different communication cycles, opposed to the state-of-the-art message priority setup, to nullify the attacker’s knowledge of message priorities for a given time. The performance and efficacy of the proposed shuffling algorithm has been analyzed under different configuration, and compared against the state-of-the-art solutions. It is observed that the proposed mechanism is successful in denying DoS attack when the attacker is able to bypass preemptive strategies and inject messages within the in-vehicle network.

Network Security Resiliency - Distributed cyber-infrastructures and Artificial Intelligence (AI) are transformative technologies that will play a pivotal role in the future of society and the scientific community. Internet of Things (IoT) applications harbor vast quantities of connected devices that collect a massive amount of sensitive information (e.g., medical, financial), which is usually analyzed either at the edge or federated cloud systems via AI/Machine Learning (ML) algorithms to make critical decisions (e.g., diagnosis). It is of paramount importance to ensure the security, privacy, and trustworthiness of data collection, analysis, and decision-making processes. However, system complexity and increased attack surfaces make these applications vulnerable to system breaches, single-point of failures, and various cyber-attacks. Moreover, the advances in quantum computing exacerbate the security and privacy challenges. That is, emerging quantum computers can break conventional cryptographic systems that offer cyber-security services, public key infrastructures, and privacy-enhancing technologies. Therefore, there is a vital need for new cyber-security paradigms that can address the resiliency, long-term security, and efficiency requirements of distributed cyber infrastructures.

Network Security Resiliency - The 5G ecosystem is designed as a highly sophisticated and modularized architecture that decouples the radio access network (RAN), the multi-access edge computing (MEC) and the mobile core to enable different and scalable deployments. It leverages modern principles of virtualized network functions, microservices-based service chaining, and cloud-native software stacks. Moreover, it provides built-in security and mechanisms for slicing. Despite all these capabilities, there remain many gaps and opportunities for additional capabilities to support end-toend secure operations for applications across many domains. Although 5G supports mechanisms for network slicing and tunneling, new algorithms and mechanisms that can adapt network slice configurations dynamically to accommodate urgent and mission-critical traffic are needed. Such slices must be secure, interference-aware, and free of side channel attacks. Resilience of the 5G ecosystem itself requires an effective means for observability and (semi-)autonomous self-healing capabilities. To address this plethora of challenges, this paper presents the SECurity and REsiliency TEchniques for Differentiated 5G OPerationS (SECRETED 5G OPS) project, which is investigating fundamental new solutions that center on the zero trust, network slicing, and network augmentation dimensions, which together will achieve secure and differentiated operations in 5G networks. SECRETED 5G OPS solutions are designed to be easily deployable, minimally invasive to the existing infrastructure, not require modifications to user equipment other than possibly firmware upgrades, economically viable, standards compliant, and compliant to regulations.

Network Security Resiliency - The 5G ecosystem is designed as a highly sophisticated and modularized architecture that decouples the radio access network (RAN), the multi-access edge computing (MEC) and the mobile core to enable different and scalable deployments. It leverages modern principles of virtualized network functions, microservices-based service chaining, and cloud-native software stacks. Moreover, it provides built-in security and mechanisms for slicing. Despite all these capabilities, there remain many gaps and opportunities for additional capabilities to support end-toend secure operations for applications across many domains. Although 5G supports mechanisms for network slicing and tunneling, new algorithms and mechanisms that can adapt network slice configurations dynamically to accommodate urgent and mission-critical traffic are needed. Such slices must be secure, interference-aware, and free of side channel attacks. Resilience of the 5G ecosystem itself requires an effective means for observability and (semi-)autonomous self-healing capabilities. To address this plethora of challenges, this paper presents the SECurity and REsiliency TEchniques for Differentiated 5G OPerationS (SECRETED 5G OPS) project, which is investigating fundamental new solutions that center on the zero trust, network slicing, and network augmentation dimensions, which together will achieve secure and differentiated operations in 5G networks. SECRETED 5G OPS solutions are designed to be easily deployable, minimally invasive to the existing infrastructure, not require modifications to user equipment other than possibly firmware upgrades, economically viable, standards compliant, and compliant to regulations.

Network Security Resiliency - The renewable energy proliferation calls upon the grid operators and planners to systematically evaluate the potential impacts of distributed energy resources (DERs). Considering the significant differences between various inverter-based resources (IBRs), especially the different capabilities between grid-forming inverters and grid-following inverters, it is crucial to develop an efficient and effective assessment procedure besides available co-simulation framework with high computation burdens. This paper presents a streamlined graph-based topology assessment for the integrated power system transmission and distribution networks. Graph analyses were performed based on the integrated graph of modified miniWECC grid model and IEEE 8500-node test feeder model, high performance computing platform with 40 nodes and total 2400 CPUs has been utilized to process this integrated graph, which has 100,000+ nodes and 10,000+ IBRs. The node ranking results not only verified the applicability of the proposed method, but also revealed the potential of distributed grid forming (GFM) and grid following (GFL) inverters interacting with the centralized power plants.

Network Security Resiliency - Software-Defined Networking (SDN) technique is presented in this paper to manage the Naval Supervisory Control and Data Acquisition (SCADA) network for equipping the network with the function of reconfiguration and scalability. The programmable nature of SDN enables a programmable Modular Topology Generator (MTG), which provides an extensive control over the network’s internal connectivity and traffic control. Specifically, two functions of MTG are developed and examined in this paper, namely linkHosts and linkSwitches. These functions are able to place the network into three different states, i.e., fully connected, fully disconnected, and partially connected. Therefore, it provides extensive security benefits and allows network administrators to dynamically reconfigure the network and adjust settings according to the network’s needs. Extensive tests on Mininet have demonstrated the effectiveness of SDN for enabling the reconfigurable and scalable Naval SCADA network. Therefore, it provides a potent tool to enhance the resiliency/survivability, scalability/compatibility, and security of naval SCADA networks.

Network Security Resiliency - An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.

Network Security Resiliency - A reliable synchrophasor network of phasor measurement units (PMUs) is essential for modern power system operations and management with rapidly increasing levels of renewable energy sources. Cyber-physical system vulnerabilities such as side-channel based denial of service (DoS) attacks can compromise PMU communications even when using an encrypted virtual private network. To overcome these vulnerabilities, countermeasures to DoS attacks needs to be developed. One such countermeasure is the development and deployment of a virtual synchrophasor network (VSN) to improve the reliability of a synchrophasor network to DoS attacks. A cellular computational networks (CCN) is a distributed artificial intelligence framework suitable for complex system modeling and estimation. CCNs have been proved to mitigate the effects of DoS attacks on single PMUs successfully. In this study, the robustness of a VSN is further investigated and proven to exhibit resiliency under concurrent DoS attacks. Typical results for VSN applications in multi-area power systems with utility-scale photovoltaic solar plants are presented.

Network Security Resiliency - Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one ofthe most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the SoftwareDefined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation schemewill be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed thatthe proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.

Network Security Architecture - As a result of globalization, the COVID-19 pandemic and the migration of data to the cloud, the traditional security measures where an organization relies on a security perimeter and firewalls do not work. There is a shift to a concept whereby resources are not being trusted, and a zero-trust architecture (ZTA) based on a zero-trust principle is needed. Adapting zero trust principles to networks ensures that a single insecure Application Protocol Interface (API) does not become the weakest link comprising of Critical Data, Assets, Application and Services (DAAS). The purpose of this paper is to review the use of zero trust in the security of a network architecture instead of a traditional perimeter. Different software solutions for implementing secure access to applications and services for remote users using zero trust network access (ZTNA) is also summarized. A summary of the author’s research on the qualitative study of “Insecure Application Programming Interface in Zero Trust Networks” is also discussed. The study showed that there is an increased usage of zero trust in securing networks and protecting organizations from malicious cyber-attacks. The research also indicates that APIs are insecure in zero trust environments and most organization are not aware of their presence.

Network Security Architecture - Design a new generation of smart power meter components, build a smart power network, implement power meter safety protection, and complete smart power meter network security protection. The new generation of smart electric energy meters mainly complete legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station to form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation, provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use manage. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Own security protection consists of hardware security protection and software security protection. The full-scene application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.

Network Security Architecture - To prevent all sorts of attacks, the technology of security service function chains (SFC) is proposed in recent years, it becomes an attractive research highlights. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm(ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios, solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.

Network Security Architecture - Software-Defined Networking or SDN (Software-Defined Networking) is a technology for software control and management of the network in order to improve its properties. Unlike classic network management technologies, which are complex and decentralized, SDN technology is a much more flexible and simple system. The new architecture may be vulnerable to several attacks leading to resource depletion and preventing the SDN controller from providing support to legitimate users. One such attack is the Distributed Denial of Service (DDoS), which is on the rise today. We suggest Modified-DDoSNet, a system for detecting DDoS attacks in the SDN environment. A model based on Deep Learning (DL) techniques will be implemented, combining a Recurrent Neural Network (RNN) with an Autoencoder. The proposed model, which was first trained to detect attacks, was implemented in the security architecture of the SDN network, as a new component. The security architecture of the SDN network contains a total of 13 components, each of which represents an individual part of the architecture, where the first component is the RNN - autoencoder. The model itself, which is the first component, was trained in the CICDDoS2019 dataset. It has high reliability for attack detection, which increases the security of the SDN network architecture.

Network Security Architecture - Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

Network Security Architecture - In view of the current network security architecture of power grid enterprises does not adapt to new regulatory regulations, does not adapt to the development trend of digitalization, and the new technology of network security is not covered, this paper designs a set of network security architecture containing element views, capability views and measures views on the basis of the IPDRR network security architecture model, combined with the requirements of power grid enterprises for network security architecture, which covers the network security requirements of "collection, transmission, storage, application" and information system life cycle at the level of information system architecture. Meet new regulations and provide leadership with an understanding of the security posture of the enterprise, improving the organization s ability to defend against attacks.

Network Reconnaissance - Through communication reconnaissance, the code stream of mobile communication cell users is obtained, and the code stream of single user are separated from the mixed code stream, which is vital for the behavior analysis and intelligent management of mobile terminals. In this process, the Cell Radio Network Temporary Identifier (C-RNTD is a specific sign of the user terminal, and is also the key to identify and separate different users code stream. However, there are few related studies on CRNTI and acquisition of code stream. To overcome the problem, the combining method about comprehensive searching of the 4th Generation Mobile Communication Technology (4G) Physical Downlink Control Channel (PDCCH), and interception of Sth Generation Mobile Communication Technology (5G) Physical Random Access Channel (PRACH) is proposed, to obtain the users C-RNTI effectively. According to the corresponding downlink control information (DCI), Physical Downlink Shared Channel (PDSCH) are correctly demodulated, descrambled and decoded to obtain the code stream within it. Finally, the communication reconnaissance receiver is used to carry out a real reconnaissance experiment on the actual 4G/5G\_ mobile communication system. The results, i.e. the obtained C-RNTI and code stream verify the correctness and efficiency of the proposed method. It lays an important technical foundation for the accurate identification and management of mobile communication user terminals.

Network Reconnaissance - With increasing number of data thefts courtesy of new and complex attack mechanisms being used everyday, declaring the internet as unsafe would be the understatement of the century. For current security experts the scenario is equivalent to an endless cat-and-mouse game across a constantly changing landscape. Hence relying on firewalls and anti-virus softwares is like trying to fight a modern, well-equipped army using sticks and stones. All that an attacker needs to successfully breach our system is the right social networking or the right malware used like a packing or encoding technique that our tools won’t detect. Therefore it is the need of the hour to shift our focus beyond edge defense, which largely involves validating the tools, and move towards identification of a breach followed by an appropriate response. This is achieved by implementing an ethereal network which is an end-to-end host and network approach that can actually scale as well as provide true breach detection. The objective is not just blocking; it is significant time reduction. When mundane methods involving firewalls and antiviruses fail, we need to determine what happened and respond. Any industry report uses the term weeks, months, and even years to determine the time of response, which is not good enough. Our goal is to bring it down to hours. We are talking about dramatic time reduction to improve our response, hence an effective breach detection approach is mandatory. A MHN (Modern Honey Network) with a honeypot system has been used to make management and deployment easier and to secure the honeypots. We have used various honeypots such as Glastopf, Dionaea honeypots, Kippo. The dubious activity will be recorded and the attacks details detected in MHN server. The final part of our research is reconnaissance. Since it can be awfully complicated we simplify the process by having our main focus on reconnaissance. Because if a malware or an insider threat breaks into something, they don’t know what they now have access to. This makes them feel the need to do reconnaissance. So, focusing on that behaviour provides us a simple way to determine that we have some unusual activity - whether it is an IOT device that has been compromised or whatever it may be, that has breached our network. Finally we deploy MHN, deploy Dionaea, Kippo, Snort honeypots and Splunk integration for analyzing the captured attacks which reveals the service port under attack and the source IP address of the attacker.

Network Reconnaissance - Multi-UAV cooperative reconnaissance for target search, localization, and tracking has attracted much attention in both civil and military applications, where strategies need to be designed for UAVs to finish the reconnaissance task cooperatively and in the time optimal manner. Different from the state-of-theart of recent research where all the UAVs involved are equipped with homogeneous payloads, this work exploits payload diversity to enhance the time efficiency of the cooperation and proposes a fast multi-UAV cooperative reconnaissance (FMUCR) method. FMUCR groups UAVs in pairs. In each pair, one UAV is equipped with a passive positioning radar, referred to as p-UAV, while another is equipped with an active positioning radar, referred to as a-UAV. FMUCR exploits the large detection range and rough target location detection of passive radar to enable fast search and directional tracking of a target, while the precise target position calculation of active radar to enable accurate tracking of a target. Specifically, the task area is partitioned into subareas according to the number of UAV pairs. Each UAV pair conducts target search, localization, and tracking in one subarea, where the p-UAV leads searching and preliminary tracking of targets, while accurate tracking of targets are taken over by the a-UAV. Algorithms for off-line path planning and on-line path planning are designed, respectively, for target search and target tracking. The comparative simulation demonstrates that, FMUCR can greatly shorten the target discovery time with little loss in target tracking accuracy.

Network Reconnaissance - Web applications are frequent targets of attack due to their widespread use and round the clock availability. Malicious users can exploit vulnerabilities in web applications to steal sensitive information, modify and destroy data as well as deface web applications. The process of exploiting web applications is a multi-step process and the first step in an attack is reconnaissance, in which the attacker tries to gather information about the target web application. In this step, the attacker uses highly efficient automated scanning tools to scan web applications. Following reconnaissance, the attacker proceeds to vulnerability scanning and subsequently attempts to exploit the vulnerabilities discovered to compromise the web application. Detection of reconnaissance scans by malicious users can be combined with other traditional intrusion detection and prevention systems to improve the security of web applications. In this paper, a method for detecting reconnaissance scans through analysis of web server access logs is proposed. The proposed approach uses an LSTM network based deep learning approach for detecting reconnaissance scans. Experiments conducted show that the proposed approach achieves a mean precision, recall and f1-score of 0.99 over three data sets and precision, recall and f1-score of 0.97, 0.96 and 0.96 over the combined dataset.

Network Reconnaissance - Reconnaissance (Recon) is an essential step in exploring an area to steal information gathering, and it also plays a crucial role in penetration testing. This paper aims to automate the reconnaissance process of bug hunting on a target using python programming. Information gathering is an essential step for any recon process, and it helps us to identify the targets as well as helps us to list out the areas where the user can work to exploit them. The main emphasis of this paper is on bug bounty and bug hunting – the former being the result/reward of performing the latter. This paper is purposely written for penetration testers to make it easy for them and automate the process of Information gathering, which is the very crucial phase of Penetration testing.

Network Reconnaissance - Footprinting and Reconnaissance is a vital part of every process that has existed existing on earth. The report introduces footprinting and reconnaissance, the types of footprinting and reconnaissance methods, their impacts, and ways to prevent the risks to raise awareness for possible threats from footprinting and reconnaissance. Comparison has been made between the different types of footprinting and reconnaissance and discussions on scenarios that should be used is being made as well. Examples of different types of footprinting and reconnaissance methods and tools have been listed for better understandings of the difference in types. Real-life scenarios and examples are being provided to show the impacts of footprinting and reconnaissance. The report contains demonstrations of two simple passive reconnaissance tools, theHarvester and Wayback Machine. Discussions and analysis of how the tools could be used to gain precious information from their targets and the possible impacts from information gained through the tools are being made. Possible solutions to protect the users from footprinting and reconnaissance have been provided and discussed. Critical analysis of the report and the topic by the author is being made right by the end of the conclusion. Conclusion of how the author has thought about footprinting and reconnaissance and information through researching about the topic had been mentioned in the end.

Network Reconnaissance - For the evaluation of UAV reconnaissance effectiveness under multiple conditions, an UAV reconnaissance effectiveness evaluation method based on rough set and neural network is proposed. In the method, the influencing factors are determined to construct the UAV reconnaissance effectiveness index system, then the redundant factors are removed combined with rough set theory, finally on the basis of the simplified factors BP neural network optimized through genetic algorithm is used to build an evaluation model of UAV reconnaissance effectiveness for improving the prediction accuracy. The simulation result shows that the method can not only overcome the shortcomings of the traditional BP neural network, such as poor fault tolerance and slow convergence speed, but also better evaluate the UAV reconnaissance effectiveness.

Network Reconnaissance - Network reconnaissance is a core security functionality, which can be used to detect hidden unauthorized devices or to identify missing devices. Currently, there is a lack of network reconnaissance tools capable of discovering Internet of Things (IoT) devices across multiple protocols. To bridge this gap, we introduce IoT-Scan, an extensible IoT network reconnaissance tool. IoT-Scan is based on softwaredefined radio (SDR) technology, which allows for a flexible implementation of radio protocols. We propose passive, active, multi-channel, and multi-protocol scanning algorithms to speed up the discovery of devices with IoT-Scan. We implement the scanning algorithms and compare their performance with four popular IoT protocols: Zigbee, Bluetooth LE, Z-Wave, and LoRa. Through experiments with dozens of IoT devices, we demonstrate that our implementation experiences minimal packet losses, and achieves performance near a theoretical benchmark.

Network Reconnaissance - Short-wave band signal density, complex electromagn-etic environment and relatively limited detection equipment often lead to low detection efficiency. Aiming at this situation, a scheduling method of short-wave detection equipment based on Hopfield neural network is proposed to carry out cooperative detection of short-wave signals. In this paper, the definition of effective detection probability is given, the constraints of effective detection are sorted out, and the mathematical model of detection equipment scheduling is designed, which is realized by Hopfield neural network. This method uses the global optimization technology to schedule multiple detection sensors, so that different detection sensors can cooperate reasonably and maximize the overall benefit of detection system. Simulation results show the feasibility and effectiveness of the proposed method.

Network Reconnaissance - In the battlefield reconnaissance and monitoring environment, the application of Wireless Sensor Network (WSN) requires high timeliness and reliability of data transmission. To meet the battlefield demand, a transmission protocol is designed in this paper. This protocol combines network coding technology to fully play the function of node collaboration in the transmission process and use the channel broadcast characteristics. The data is transmitted in real-time and reliably through the aggregation node to the command control center, providing a real-time update database for the battlefield commander. Through theoretical and simulation analysis, this protocol can meet the requirements of the battlefield reconnaissance and monitoring environmental log, and the system can still maintain better network performance in the condition of low probability of transmission of battlefield environment.