Cyber-Physical System (CPS) represents systems that join both hardware and software components to perform real-time services. Maintaining the system's reliability is critical to the continuous delivery of these services. However, the CPS running environment is full of uncertainties and can easily lead to performance degradation. As a result, the need for a recovery technique is highly needed to achieve resilience in the system, with keeping in mind that this technique should be as green as possible. This early doctorate proposal, suggests a game theory solution to achieve resilience and green in CPS. Game theory has been known for its fast performance in decision-making, helping the system to choose what maximizes its payoffs. The proposed game model is described over a real-life collaborative artificial intelligence system (CAIS), that involves robots with humans to achieve a common goal. It shows how the expected results of the system will achieve the resilience of CAIS with minimized CO2 footprint.

Cyber-Physical Systems (CPS) have a physical part that can interact with sensors and actuators. The data that is read from sensors and the one generated to drive actuators is crucial for the correct operation of this class of devices. Most implementations trust the data being read from sensors and the outputted data to actuators. Real-time validation of the input and output of data for any system is crucial for the safety of its operation. This paper proposes an architecture for handling this issue through smart data guards detached from sensors and controllers and acting solely on the data. This mitigates potential issues of malfunctioning sensors and intentional sensor and controller attacks. The data guards understand the expected data, can detect anomalies and can correct them in real-time. This approach adds more guarantees for fault-tolerant behavior in the presence of attacks and sensor failures.

Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.

To solve the problem of an excessive number of component vulnerabilities and limited defense resources in industrial cyber physical systems, a method for analyzing security critical components of system is proposed. Firstly, the components and vulnerability information in the system are modeled based on SysML block definition diagram. Secondly, as SysML block definition diagram is challenging to support direct analysis, a block security dependency graph model is proposed. On this basis, the transformation rules from SysML block definition graph to block security dependency graph are established according to the structure of block definition graph and its vulnerability information. Then, the calculation method of component security importance is proposed, and a security critical component analysis tool is designed and implemented. Finally, an example of a Drone system is given to illustrate the effectiveness of the proposed method. The application of this method can provide theoretical and technical support for selecting key defense components in the industrial cyber physical system.

Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.

Third-party libraries with rich functionalities facilitate the fast development of JavaScript software, leading to the explosive growth of the NPM ecosystem. However, it also brings new security threats that vulnerabilities could be introduced through dependencies from third-party libraries. In particular, the threats could be excessively amplified by transitive dependencies. Existing research only considers direct dependencies or reasoning transitive dependencies based on reachability analysis, which neglects the NPM-specific dependency resolution rules as adapted during real installation, resulting in wrongly resolved dependencies. Consequently, further fine-grained analysis, such as precise vulnerability propagation and their evolution over time in dependencies, cannot be carried out precisely at a large scale, as well as deriving ecosystem-wide solutions for vulnerabilities in dependencies. To fill this gap, we propose a knowledge graph-based dependency resolution, which resolves the inner dependency relations of dependencies as trees (i.e., dependency trees), and investigates the security threats from vulnerabilities in dependency trees at a large scale. Specifically, we first construct a complete dependency-vulnerability knowledge graph (DVGraph) that captures the whole NPM ecosystem (over 10 million library versions and 60 million well-resolved dependency relations). Based on it, we propose a novel algorithm (DTResolver) to statically and precisely resolve dependency trees, as well as transitive vulnerability propagation paths, for each package by taking the official dependency resolution rules into account. Based on that, we carry out an ecosystem-wide empirical study on vulnerability propagation and its evolution in dependency trees. Our study unveils lots of useful findings, and we further discuss the lessons learned and solutions for different stakeholders to mitigate the vulnerability impact in NPM based on our findings. For example, we implement a dependency tree based vulnerability remediation method (DTReme) for NPM packages, and receive much better performance than the official tool (npm audit fix).

Documents are a common method of storing infor-mation and one of the most conventional forms of expression of ideas. Cloud servers store a user's documents with thousands of other users in place of physical storage devices. Indexes corresponding to the documents are also stored at the cloud server to enable the users to retrieve documents of their interest. The index includes keywords, document identities in which the keywords appear, along with Term Frequency-Inverse Document Frequency (TF-IDF) values which reflect the keywords' relevance scores of the dataset. Currently, there are no efficient methods to delete keywords from millions of documents over cloud servers while avoiding any compromise to the user's privacy. Most of the existing approaches use algorithms that divide a bigger problem into sub-problems and then combine them like divide and conquer problems. These approaches don't focus entirely on fine-grained deletion. This work is focused on achieving fine-grained deletion of keywords by keeping the size of the TF-IDF matrix constant after processing the deletion query, which comprises of keywords to be deleted. The experimental results of the proposed approach confirm that the precision of ranked search still remains very high after deletion without recalculation of the TF-IDF matrix.

Side Channel Attacks (SCAs), an attack that exploits the physical information generated when an encryption algorithm is executed on a device to recover the key, has become one of the key threats to the security of encrypted devices. Recently, with the development of deep learning, deep learning techniques have been applied to SCAs with good results on publicly available dataset experiences. In this paper, we propose a power traces decomposition method that divides the original power traces into two parts, where the data-influenced part is defined as data power traces (Tdata) and the other part is defined as device constant power traces, and use the Tdata for training the network model, which has more obvious advantages than using the original power traces for training the network model. To verify the effectiveness of the approach, we evaluated the ATXmega128D4 microcontroller by capturing the power traces generated when implementing AES-128. Experimental results show that network models trained using Tdata outperform network models trained using raw power traces (Traw ) in terms of classification accuracy, training time, cross-subkey recovery key, and cross-device recovery key.

The new paradigm software-defined networking (SDN) supports network innovation and makes the control of network operations more agile. The flow table is the main component of SDN switch which contains a set of flow entries that define how new flows are processed. Low-rate distributed denial-of-service (LR-DDoS) attacks are difficult to detect and mitigate because they behave like legitimate users. There are many detection methods for LR DDoS attacks in the literature, but none of these methods detect single-packet LR DDoS attacks. In fact, LR DDoS attackers exploit vulnerabilities in the mechanism of congestion control in TCP to either periodically retransmit burst attack packets for a short time period or to continuously launch a single attack packet at a constant low rate. In this paper, the proposed scheme detects LR-DDoS by examining all incoming packets and filtering the single packets sent from different source IP addresses to the same destination at a constant low rate. Sending single packets at a constant low rate will increase the number of flows at the switch which can make it easily overflowed. After detecting the single attack packets, the proposed scheme prevents LR-DDoS at its early stage by deleting the flows created by these packets once they reach the threshold. According to the results of the experiment, the scheme achieves 99.47% accuracy in this scenario. In addition, the scheme has simple logic and simple calculation, which reduces the overhead of the SDN controller.

Distributed Denial of Service (DDoS) attacks aim to make a server unresponsive by flooding the target server with a large volume of packets (Volume based DDoS attacks), by keeping connections open for a long time and exhausting the resources (Low and Slow DDoS attacks) or by targeting protocols (Protocol based attacks). Volume based DDoS attacks that flood the target server with a large number of packets are easier to detect because of the abnormality in packet flow. Low and Slow DDoS attacks, however, make the server unavailable by keeping connections open for a long time, but send traffic similar to genuine traffic, making detection of such attacks difficult. This paper proposes a solution to detect and mitigate one such Low and slow DDoS attack, Slowloris in an SDN (Software Defined Networking) environment. The proposed solution involves communication between the detection and mitigation module and the controller of the Software Defined Network to get data to detect and mitigate low and slow DDoS attack.

Network security is a prominent topic that is gaining international attention. Distributed Denial of Service (DDoS) attack is often regarded as one of the most serious threats to network security. Software Defined Network (SDN) decouples the control plane from the data plane, which can meet various network requirements. But SDN can also become the object of DDoS attacks. This paper proposes an automated DDoS attack mitigation method that is based on the programmability of the Ryu controller and the features of the OpenFlow switch flow tables. The Mininet platform is used to simulate the whole process, from SDN traffic generation to using a K-Nearest Neighbor model for traffic classification, as well as identifying and mitigating DDoS attack. The packet counts of the victim's malicious traffic input port are significantly lower after the mitigation method is implemented than before the mitigation operation. The purpose of mitigating DDoS attack is successfully achieved.

DDoS attacks produce a lot of traffic on the network. DDoS attacks may be fought in a novel method thanks to the rise of Software Defined Networking (SDN). DDoS detection and data gathering may lead to larger system load utilization among SDN as well as systems, much expense of SDN, slow reaction period to DDoS if they are conducted at regular intervals. Using the Identification Retrieval algorithm, we offer a new DDoS detection framework for detecting resource scarcity type DDoS attacks. In designed to check low-density DDoS attacks, we employ a combination of network traffic characteristics. The KSVD technique is used to generate a dictionary of network traffic parameters. In addition to providing legitimate and attack traffic models for dictionary construction, the suggested technique may be used to network traffic as well. Matching Pursuit and Wavelet-based DDoS detection algorithms are also implemented and compared using two separate data sets. Despite the difficulties in identifying LR-DoS attacks, the results of the study show that our technique has a detection accuracy of 89%. DDoS attacks are explained for each type of DDoS, and how SDN weaknesses may be exploited. We conclude that machine learning-based DDoS detection mechanisms and cutoff point DDoS detection techniques are the two most prevalent methods used to identify DDoS attacks in SDN. More significantly, the generational process, benefits, and limitations of each DDoS detection system are explained. This is the case in our testing environment, where the intrusion detection system (IDS) is able to block all previously identified threats

Software Defined Networking (SDN) is an emerging technology, which provides the flexibility in communicating among network. Software Defined Network features separation of the data forwarding plane from the control plane which includes controller, resulting centralized network. Due to centralized control, the network becomes more dynamic, and resources are managed efficiently and cost-effectively. Network Virtualization is transformation of network from hardware-based to software-based. Network Function Virtualization will permit implementation, adaptable provisioning, and even management of functions virtually. The use of virtualization of SDN networks permits network to strengthen the features of SDN and virtualization of NFV and has for that reason has attracted notable research awareness over the last few years. SDN platform introduces network security challenges. The network becomes vulnerable when a large number of requests is encapsulated inside packet\_in messages and passed to controller from switch for instruction, if it is not recognized by existing flow entry rules. which will limit the resources and become a bottleneck for the entire network leading to DDoS attack. It is necessary to have quick provisional methods to prevent the switches from breaking down. To resolve this problem, the researcher develops a mechanism that detects and mitigates flood attacks. This paper provides a comprehensive survey which includes research relating frameworks which are utilized for detecting attack and later mitigation of flood DDoS attack in Software Defined Network (SDN) with the help of NFV.

This paper mainly explores the detection and defense of DDoS attacks in the SDN architecture of the 5G environment, and proposes a DDoS attack detection method based on the deep learning two-level model CNN-LSTM in the SDN network. Not only can it greatly improve the accuracy of attack detection, but it can also reduce the time for classifying and detecting network traffic, so that the transmission of DDoS attack traffic can be blocked in time to ensure the availability of network services.

This paper studies Distributed Denial of Service (DDoS) attack detection by adopting the Deep Neural Network (DNN) model in Software Defined Networking (SDN). We first deploy the flow collector module to collect the flow table entries. Considering the detection efficiency of the DNN model, we also design some features manually in addition to the features automatically obtained by the flow table. Then we use the preprocessed data to train the DNN model and make a prediction. The overall detection framework is deployed in the SDN controller. The experiment results illustrate DNN model has higher accuracy in identifying attack traffic than machine learning algorithms, which lays a foundation for the defense against DDoS attack.

In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings - and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS. In this paper, we conduct the first black-box study measuring the extent of ReDoS vulnerabilities in live web services. We apply the Consistent Sanitization Assumption: that client-side sanitization logic, including regexes, is consistent with the sanitization logic on the server-side. We identify a service's regex-based input sanitization in its HTML forms or its API, find vulnerable regexes among these regexes, craft ReDoS probes, and pinpoint vulnerabilities. We analyzed the HTML forms of 1,000 services and the APIs of 475 services. Of these, 355 services publish regexes; 17 services publish unsafe regexes; and 6 services are vulnerable to ReDoS through their APIs (6 domains; 15 subdomains). Both Microsoft and Amazon Web Services patched their web services as a result of our disclosure. Since these vulnerabilities were from API specifications, not HTML forms, we proposed a ReDoS defense for a popular API validation library, and our patch has been merged. To summarize: in client-visible sanitization logic, some web services advertise Re-DoS vulnerabilities in plain sight. Our results motivate short-term patches and long-term fundamental solutions. “Make measurable what cannot be measured.” -Galileo Galilei

Video summarization aims to improve the efficiency of large-scale video browsing through producting concise summaries. It has been popular among many scenarios such as video surveillance, video review and data annotation. Traditional video summarization techniques focus on filtration in image features dimension or image semantics dimension. However, such techniques can make a large amount of possible useful information lost, especially for many videos with rich text semantics like interviews, teaching videos, in that only the information relevant to the image dimension will be retained. In order to solve the above problem, this paper considers video summarization as a continuous multi-dimensional decision-making process. Specifically, the summarization model predicts a probability for each frame and its corresponding text, and then we designs reward methods for each of them. Finally, comprehensive summaries in two dimensions, i.e. images and semantics, is generated. This approach is not only unsupervised and does not rely on labels and user interaction, but also decouples the semantic and image summarization models to provide more usable interfaces for subsequent engineering use.

Currently in El Salvador, efforts are being made to implement the digital signature and as part of this technology, a Public Key Infrastructure (PKI) is required, which must validate Certificate Authorities (CA). For a CA, it is necessary to implement the software that allows it to manage digital certificates and perform security procedures for the execution of cryptographic operations, such as encryption, digital signatures, and non-repudiation of electronic transactions. The present work makes a proposal for a digital certificate management system according to the Digital Signature Law of El Salvador and secure cryptography standards. Additionally, a security discussion is accomplished.

With the development of technology, the invention of computers, the use of cyberspace created by information communication systems and networks, increasing the effectiveness of knowledge in all aspects and the gains it provides have increased further the importance of cyber security day by day. In parallel with the developments in cyber space, the need for cyber defense has emerged with active and passive defense approaches for cyber security against internal and external cyber-attacks of increasing type, severity and complexity. In this framework, proactive cyber defense and deterrence strategies have started to be implemented with new techniques and methods.