The Internet of Things, or IoT, is a paradigm in which devices interact with the physical world through sensors and actuators, while still communicating with other computers over various types of networks. IoT devices can be found in many environments, often in the hands of non-technical users. This presents unique security concerns, since compromised devices can be used not only for typical objectives like network footholds, but also to cause harm in the real world (for instance, by unlocking the door to a house or changing safety configurations in an industrial control system). This work in progress paper presents a series of laboratory exercises under development at a large Midwestern university that introduces undergraduate cyber security engineering students to the Internet of Things and its (in)security considerations. The labs will be part of a 400-level technical elective course offered to cyber security engineering majors. The design of the labs has been grounded in the experiential learning process. The concepts in each lab module are couched in hands-on activities and integrate real world problems into the laboratory environment. The laboratory exercises are conducted using an Internet testbed and a combination of actual IoT devices and virtualized devices to showcase various IoT environments, vulnerabilities, and attacks.

The last decade has shown that networked cyberphysical systems (NCPS) are the future of critical infrastructure such as transportation systems and energy production. However, they have introduced an uncharted territory of security vulnerabilities and a wider attack surface, mainly due to network openness and the deeply integrated physical and cyber spaces. On the other hand, relying on manual analysis of intrusion detection alarms might be effective in stopping run-of-the-mill automated probes but remain useless against the growing number of targeted, persistent, and often AI-enabled attacks on large-scale NCPS. Hence, there is a pressing need for new research directions to provide advanced protection. This paper introduces a novel security paradigm for emerging NCPS, namely Autonomous CyberPhysical Defense (ACPD). We lay out the theoretical foundations and describe the methods for building autonomous and stealthy cyber-physical defense agents that are able to dynamically hunt, detect, and respond to intelligent and sophisticated adversaries in real time without human intervention. By leveraging the power of game theory and multi-agent reinforcement learning, these selflearning agents will be able to deploy complex cyber-physical deception scenarios on the fly, generate optimal and adaptive security policies without prior knowledge of potential threats, and defend themselves against adversarial learning. Nonetheless, serious challenges including trustworthiness, scalability, and transfer learning are yet to be addressed for these autonomous agents to become the next-generation tools of cyber-physical defense.

Deploying Connected and Automated Vehicles (CAVs) on top of 5G and Beyond networks (5GB) makes them vulnerable to increasing vectors of security and privacy attacks. In this context, a wide range of advanced machine/deep learningbased solutions have been designed to accurately detect security attacks. Specifically, supervised learning techniques have been widely applied to train attack detection models. However, the main limitation of such solutions is their inability to detect attacks different from those seen during the training phase, or new attacks, also called zero-day attacks. Moreover, training the detection model requires significant data collection and labeling, which increases the communication overhead, and raises privacy concerns. To address the aforementioned limits, we propose in this paper a novel detection mechanism that leverages the ability of the deep auto-encoder method to detect attacks relying only on the benign network traffic pattern. Using federated learning, the proposed intrusion detection system can be trained with large and diverse benign network traffic, while preserving the CAVs’ privacy, and minimizing the communication overhead. The in-depth experiment on a recent network traffic dataset shows that the proposed system achieved a high detection rate while minimizing the false positive rate, and the detection delay.

An intrusion detection system (IDS) is a crucial software or hardware application that employs security mechanisms to identify suspicious activity in a system or network. According to the detection technique, IDS is divided into two, namely signature-based and anomaly-based. Signature-based is said to be incapable of handling zero-day attacks, while anomaly-based is able to handle it. Machine learning techniques play a vital role in the development of IDS. There are differences of opinion regarding the most optimal algorithm for IDS classification in several previous studies, such as Random Forest, J48, and AdaBoost. Therefore, this study aims to evaluate the performance of the three algorithm models, using the NSL-KDD and UNSW-NB15 datasets used in previous studies. Empirical results demonstrate that utilizing AdaBoost+J48 with NSL-KDD achieves an accuracy of 99.86\%, along with precision, recall, and f1-score rates of 99.9\%. These results surpass previous studies using AdaBoost+Random Tree, with an accuracy of 98.45\%. Furthermore, this research explores the effectiveness of anomaly-based systems in dealing with zero-day attacks. Remarkably, the results show that anomaly-based systems perform admirably in such scenarios. For instance, employing Random Forest with the UNSW-NB15 dataset yielded the highest performance, with an accuracy rating of 99.81\%.

The most serious risk to network security can arise from a zero-day attack. Zero-day attacks are challenging to identify as they exhibit unseen behavior. Intrusion detection systems (IDS) have gained considerable attention as an effective tool for detecting such attacks. IDS are deployed in network systems to monitor the network and to detect any potential threats. Recently, a lot of Machine learning (ML) and Deep Learning (DL) techniques have been employed in Intrusion Detection Systems, and it has been found that these techniques can detect zero-day attacks efficiently. This paper provides an overview of the background, importance, and different types of ML and DL techniques adopted for detecting zero-day attacks. Then it conducts a comprehensive review of recent ML and DL techniques for detecting zero-day attacks and discusses the associated issues. Further, we analyze the results and highlight the research challenges and future scope for improving the ML and DL approaches for zero-day attack detection.

Scientific and technological advancements, particularly in IoT, have greatly enhanced the quality of life in society. Nevertheless, resource constrained IoT devices are now connected to the Internet through IPv6 and 6LoWPAN networks, which are often unreliable and untrusted. Securing these devices with robust security measures poses a significant challenge. Despite implementing encryption and authentication, these devices remain vulnerable to wireless attacks from within the 6LoWPAN network and from the Internet. Researchers have developed various methods to prevent attacks on the RPL protocol within the 6LoWPAN network. However, each method can only detect a limited number of attack types, and there are still several drawbacks that require improvement. This study aims to implement several attack prevention methods, such as Lightweight Heartbeat Protocol, SVELTE, and Contiki IDS. The study will provide an overview of these methods theories and simulate them on Contiki OS using Cooja software to assess their performance. The study s results demonstrate a correlation between the simulated data and the proposed theories. Furthermore, the study identifies and evaluates the strengths and weaknesses of these methods, highlighting areas that can be improved upon.

IoT technology establishes a platform for automating services by connecting diverse objects through the Internet backbone. However, the integration of IoT networks also introduces security challenges, rendering IoT infrastructure susceptible to cyber-attacks. Notably, Distributed Denial of Service (DDoS) attacks breach the authorization conditions and these attacks have the potential to disrupt the physical functioning of the IoT infrastructure, leading to significant financial losses and even endangering human lives. Yet, maintaining availability even when networking elements malfunction has not received much attention. This research paper introduces a novel Twin eye Architecture, which includes dual gateway connecting every IoT access network to provide reliability even with the failure or inaccessibility of connected gateway. It includes the module called DDoS Manager that is molded into the gateway to recognize the dangling of the gateway. The effectiveness of the proposed model is evaluated using dataset simulated in NS3 environment. The results highlight the outstanding performance of the proposed model, achieving high accuracy rates. These findings demonstrate the proposed network architecture continues to provide critical authentication services even upon the failure of assigned gateway.

The internal attack launched by compromised nodes is a serious security risk in distributed networks. It is due to the openness of wireless channel and the lack of trust relationships between nodes. The trust model is an interesting approach to detect and remove these compromised nodes from the trusted routing table and maintain trust relationships in distributed networks. However, how to construct the secure dominating node to aggregate and forward the information is an enormous challenge in distributed networks. In this paper, a distributed construction algorithm of multi-layer connected dominating set is proposed for secure routing with trust models. The probabilities of nodes being compromised, combined with the trust value of the trust model, are used to construct a trusted multi-layer connected dominating set. Moreover, the impact of a node being compromised on the distributed network is quantified as loss expectation. The simulation results show that the proposed algorithm can effectively reduce the impact of nodes being compromised on the distributed network, and enhance the security of the network.

Frequency hopping (FH) technology is one of the most effective technologies in the field of radio countermeasures, meanwhile, the recognition of FH signal has become a research hotspot. FH signal is a typical non-stationary signal whose frequency varies nonlinearly with time and the time-frequency analysis technique provides a very effective method for processing this kind of signal. With the renaissance of deep learning, methods based on time-frequency analysis and deep learning are widely studied. Although these methods have achieved good results, the recognition accuracy still needs to be improved. Through the observation of the datasets, we found that there are still difficult samples that are difficult to identify. Through further analysis, we propose a horizontal spatial attention (HSA) block, which can generate spatial weight vector according to the signal distribution, and then readjust the feature map. The HSA block is a plug-and-play module that can be integrated into common convolutional neural network (CNN) to further improve their performance and these networks with HSA block are collectively called HANets. The HSA block also has the advantages of high recognition accuracy (especially under low SNRs), easy to implant, and almost no influence on the number of parameters. We verified our method on two datasets and a series of comparative experiments show that the proposed method achieves good results on FH datasets.

According to the idea of zero trust, this paper proposed an anonymous identity authentication scheme based on hash functions and pseudo-random number generators, which effectively increased the anonymity and confidentiality when users use the mobile networks, and ensure the security of the server. This scheme first used single-packet authentication technology to realize the application stealth. Secondly, hash functions and pseudo-random number generators were used to replace public key cryptosystems and time synchronization systems, which improved system performance. Thirdly, different methods were set to save encrypted information on the user s mobile device and the server, which realized different forms of anonymous authentication and negotiates a secure session key. Through security analysis, function and performance comparison, the results showed that the scheme had better security, flexibility and practicality, while maintained good communication efficiency.

In recent days, security and privacy is becoming a challenge due to the rapid development of technology. In 2021, Khan et al. proposed an authentication and key agreement framework for smart grid network and claimed that the proposed protocol provides security against all well-known attacks. However, in this paper, we present the analysis and shows that the protocol proposed by Khan et al has failed to protect the secrecy of the shared session key between the user and service provider. An adversary can derive the session key (online) by intercepting the communicated messages under the Dolev-Yao threat model. We simulated Khan et al.’s protocol for formal security verification using Tamarin Prover and found a trace for deriving the temporary key. It is used to encrypt the login request that includes the user’s secret credentials. Hence, it also fails to preserve the privacy of the user’s credentials, and therefore any adversary can impersonate the user. As a result, the protocol proposed by Khan et al. is not suitable for practical applications.

Network Intrusion Detection Systems (NIDS) monitor networking environments for suspicious events that could compromise the availability, integrity, or confidentiality of the network’s resources. To ensure NIDSs play their vital roles, it is necessary to identify how they can be attacked by adopting a viewpoint similar to the adversary to identify vulnerabilities and defenses hiatus. Accordingly, effective countermeasures can be designed to thwart any potential attacks. Machine learning (ML) approaches have been adopted widely for network anomaly detection. However, it has been found that ML models are vulnerable to adversarial attacks. In such attacks, subtle perturbations are inserted to the original inputs at inference time in order to evade the classifier detection or at training time to degrade its performance. Yet, modeling adversarial attacks and the associated threats of employing the machine learning approaches for NIDSs was not addressed. One of the growing challenges is to avoid ML-based systems’ diversity and ensure their security and trust. In this paper, we conduct threat modeling for ML-based NIDS using STRIDE and Attack Tree approaches to identify the potential threats on different levels. We model the threats that can be potentially realized by exploiting vulnerabilities in ML algorithms through a simplified structural attack tree. To provide holistic threat modeling, we apply the STRIDE method to systems’ data flow to uncover further technical threats. Our models revealed a noticing of 46 possible threats to consider. These presented models can help to understand the different ways that a ML-based NIDS can be attacked; hence, hardening measures can be developed to prevent these potential attacks from achieving their goals.

The last decade witnessed a gradual shift from cloudbased computing towards ubiquitous computing, which has put at a greater security risk every element of the computing ecosystem including devices, data, network, and decision making. Indeed, emerging pervasive computing paradigms have introduced an uncharted territory of security vulnerabilities and a wider attack surface, mainly due to network openness, the underlying mechanics that enable intelligent functions, and the deeply integrated physical and cyber spaces. Furthermore, interconnected computing environments now enjoy many unconventional characteristics that mandate a radical change in security engineering tools. This need is further exacerbated by the rapid emergence of new Advanced Persistent Threats (APTs) that target critical infrastructures and aim to stealthily undermine their operations in innovative and intelligent ways. To enable system and network designers to be prepared to face this new wave of dangerous threats, this paper overviews recent APTs in emerging computing systems and proposes a new approach to APTs that is more tailored towards such systems compared to traditional IT infrastructures. The proposed APT lifecycle will inform security decisions and implementation choices in future pervasive networked systems.

Traditional defense methods can only evaluate a single security element and cannot determine the threat of Advanced Persistent Threat (APT) according to multi-source data. This paper proposes a network security situation awareness (NSSA) model to get the network situation under APT attacks based on knowledge graph. Firstly, the vulnerability knowledge graph and APT attack knowledge graph are constructed using public security databases and ATT\&CK (Adversarial Tactics, Techniques, and Common Knowledge), and the targeted knowledge graph APT-NSKG is obtained by combining the two using Bidirectional Encoder Representations from Transformers (BERT). Then, according to the Endsley model and the characteristics of APT , the NSSA model for APT is proposed. The model uses APTNSKG to obtain situation elements, and then comprehensively assesses and predicts the network situation from the perspectives of network asset dimension, vulnerability dimension, security dimension and threat dimension. Finally, the effectiveness of the model is verified by the data from the U.S. Cybersecurity and Infrastructure Security Agency.

Advanced persistent threat (APT) attacks have caused severe damage to many core information infrastructures. To tackle this issue, the graph-based methods have been proposed due to their ability for learning complex interaction patterns of network entities with discrete graph snapshots. However, such methods are challenged by the computer networking model characterized by a natural continuous-time dynamic heterogeneous graph. In this paper, we propose a heterogeneous graph neural network based APT detection method in smart grid clouds. Our model is an encoderdecoder structure. The encoder uses heterogeneous temporal memory and attention embedding modules to capture contextual information of interactions of network entities from the time and spatial dimensions respectively. We implement a prototype and conduct extensive experiments on real-world cyber-security datasets with more than 10 million records. Experimental results show that our method can achieve superior detection performance than state-of-the-art methods.

The new web 3.0 or Web3 is a distributed web technology mainly operated by decentralized blockchain and Artificial Intelligence. The Web 3.0 technologies bring the changes in industry 4.0 especially the business sector. The contribution of this paper to discuss the new web 3.0 (not semantic web) and to explore the essential factors of the new Web 3.0 technologies in business or industry based on 7 layers of decentralized web. The Layers have users, interface, application, execution, settlement, data, and social as main components. The concept 7 layers of decentralized web was introduced by Polynya. This research was carried out using SLR (Systematic Literature Review) methodology to identify certain factors by analyzing high quality papers in the Scopus database. We found 21 essential factors that are Distributed, Real-time, Community, Culture, Productivity, Efficiency, Decentralized, Trust, Security, Performance, Reliability, Scalability, Transparency, Authenticity, Cost Effective, Communication, Telecommunication, Social Network, Use Case, and Business Simulation. We also present opportunities and challenges of the 21 factors in business and Industry.

The computing capability of the embedded systems and bandwidth of the home network increase rapidly due to the rapid development of information and communication technologies. Many home appliances such as TVs, refrigerators, or air conditioners are now connected to the internet, then, the controlling firmware modules are automatically updatable via the network. TR-069 is a widely adopted standard for automatic appliance management and firmware update. Maintaining a TR069 network usually involves the design and deployment of the overall security and trust infrastructure, the update file repository and the update audit mechanisms. Thus, maintaining a dedicated TR-069 network is a heavy burden for the vendors of home appliances. Blockchain is an emerging technology that provides a secure and trust infrastructure based on distributed consensus. This paper reports the results of our initial attempt to design a prototype of a multitenant TR-069 platform based on the blockchain. The core idea is to reify each automatic deployment task as a smart contract instance whose transactions are recorded in the append-only distributed ledger and verified by the peers. Also, the overall design should be transparent to the original TR069 entities. We have built a prototype based on the proposed architecture to verify the feasibility in three key scenarios. The experimental results show that the proposed approach is feasible and is able to scale linearly in proportion to the number of managed devices.

The computing capability of the embedded systems and bandwidth of the home network increase rapidly due to the rapid development of information and communication technologies. Many home appliances such as TVs, refrigerators, or air conditioners are now connected to the internet, then, the controlling firmware modules are automatically updatable via the network. TR-069 is a widely adopted standard for automatic appliance management and firmware update. Maintaining a TR069 network usually involves the design and deployment of the overall security and trust infrastructure, the update file repository and the update audit mechanisms. Thus, maintaining a dedicated TR-069 network is a heavy burden for the vendors of home appliances. Blockchain is an emerging technology that provides a secure and trust infrastructure based on distributed consensus. This paper reports the results of our initial attempt to design a prototype of a multitenant TR-069 platform based on the blockchain. The core idea is to reify each automatic deployment task as a smart contract instance whose transactions are recorded in the append-only distributed ledger and verified by the peers. Also, the overall design should be transparent to the original TR069 entities. We have built a prototype based on the proposed architecture to verify the feasibility in three key scenarios. The experimental results show that the proposed approach is feasible and is able to scale linearly in proportion to the number of managed devices.

Embedded smart devices are widely used in people s life, and the security problems of embedded smart devices are becoming more and more prominent. Meanwhile lots of methods based on software have been presented to boot the system safely and ensure the security of the system execution environment. However, it is easy to attack and destroy the methods based on software, which will cause that the security of the system cannot be guaranteed. Trusted Computing Group proposed the method of using Trusted Platform Module (TPM) to authenticate the credibility of the platform, which can solve the disadvantages of using methods based on software to protect the system. However, due to the limited resource and volume of embedded smart devices, it is impossible to deploy TPM on embedded smart devices to ensure the security of the system operating environment. Therefore, a novel trusted boot model for embedded smart devices without TPM is proposed in this paper, in which a device with TPM provides trusted service to realize the trusted boot of embedded smart devices without TPM through the network and ensure the credibility of the system execution environment.

The continuously growing importance of today’s technology paradigms such as the Internet of Things (IoT) and the new 5G/6G standard open up unique features and opportunities for smart systems and communication devices. Famous examples are edge computing and network slicing. Generational technology upgrades provide unprecedented data rates and processing power. At the same time, these new platforms must address the growing security and privacy requirements of future smart systems. This poses two main challenges concerning the digital processing hardware. First, we need to provide integrated trustworthiness covering hardware, runtime, and the operating system. Whereas integrated means that the hardware must be the basis to support secure runtime and operating system needs under very strict latency constraints. Second, applications of smart systems cover a wide range of requirements where "one- chip-fits-all" cannot be the cost and energy effective way forward. Therefore, we need to be able to provide a scalable hardware solution to cover differing needs in terms of processing resource requirements.In this paper, we discuss our research on an integrated design of a secure and scalable hardware platform including a runtime and an operating system. The architecture is built out of composable and preferably simple components that are isolated by default. This allows for the integration of third-party hardware/software without compromising the trusted computing base. The platform approach improves system security and provides a viable basis for trustworthy communication devices.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

Pen-testing or penetration testing is an exercise embraced to differentiate and take advantage of all the possible weaknesses in a system or network. It certifies the reasonability or deficiency of the security endeavours which have been executed. Our manuscript shows an outline of pen testing. We examine all systems, the advantages, and respective procedure of pen testing. The technique of pen testing incorporates following stages: Planning of the tests, endlessly tests investigation. The testing stage includes the following steps: Weakness investigation, data gathering and weakness exploitation. This manuscript furthermore shows the application of this procedure to direct pen testing on the model of the web applications.

With the development of information networks, cloud computing, big data, and virtualization technologies promote the emergence of various new network applications to meet the needs of various Internet services. A security protection system for virtual host in cloud computing center is proposed in the article. The system takes "security as a service" as the starting point, takes virtual machines as the core, and takes virtual machine clusters as the unit to provide unified security protection against the borderless characteristics of virtualized computing. The thesis builds a network security protection system for APT attacks; uses the system dynamics method to establish a system capability model, and conducts simulation analysis. The simulation results prove the validity and rationality of the network communication security system framework and modeling analysis method proposed in the thesis. Compared with traditional methods, this method has more comprehensive modeling and analysis elements, and the deduced results are more instructive.

The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.

From financial transactions to digital voting systems, identity management, and asset monitoring, blockchain technology is increasingly being developed for use in a wide range of applications. The problem of security and privacy in the blockchain ecosystem, which is now a hot topic in the blockchain community, is discussed in this study. The survey’s goal was to investigate this issue by considering several sorts of assaults on the blockchain network in relation to the algorithms offered. Following a preliminary literature assessment, it appears that some attention has been paid to the first use case; however the second use case, to the best of my knowledge, deserves more attention when blockchain is used to investigate it. However, due to the subsequent government mandated secrecy around the implementation of DES, and the distrust of the academic community because of this, a movement was spawned that put a premium on individual privacy and decentralized control. This movement brought together the top minds in encryption and spawned the technology we know of as blockchain today. This survey paper also explores the genesis of encryption, its early adoption, and the government meddling which eventually spawned a movement which gave birth to the ideas behind blockchain. It also closes with a demonstration of blockchain technology used in a novel way to refactor the traditional design paradigms of databases.