We demonstrate an in-house built Endpoint Detection and Response (EDR) for linux systems using open-sourced tools like Osquery and Elastic. The advantage of building an in-house EDR tools against using commercial EDR tools provides both the knowledge and the technical capability to detect and investigate security incidents. We discuss the architecture of the tools and advantages it offers. Specifically, in our method all the endpoint logs are collected at a common server which we leverage to perform correlation between events happening on different endpoints and automatically detect threats like pivoting and lateral movements. We discuss various attacks that can be detected by our tool.

Operating systems are essential software components for any computer. The goal of computer system manu-facturers is to provide a safe operating system that can resist a range of assaults. APTs (Advanced Persistent Threats) are merely one kind of attack used by hackers to penetrate organisations (APT). Here, we will apply the MITRE ATT&CK approach to analyze the security of Windows and Linux. Using the results of a series of vulnerability tests conducted on Windows 7, 8, 10, and Windows Server 2012, as well as Linux 16.04, 18.04, and its most current version, we can establish which operating system offers the most protection against future assaults. In addition, we have shown adversarial reflection in response to threats. We used ATT &CK framework tools to launch attacks on both platforms.

Exploring the efficient vulnerability scanning and detection technology of various tools is one fundamental aim of network security. This network security technique ameliorates the tremendous number of IoT security challenges and the threats they face daily. However, among various tools, Shodan Eye scanning technology has proven to be very helpful for network administrators and security personnel to scan, detect and analyze vulnerable ports and traffic in organizations' networks. This work presents a simulated network scanning activity and manual vulnerability analysis of an internet-connected industrial equipment of two chosen industrial networks (Industry A and B) by running Shodan on a virtually hosted (Oracle Virtual Box)-Linux-based operating system (Kali Linux). The result shows that the shodan eye is a a promising tool for network security and efficient vulnerability research.

As information and communication technologies evolve every day, so does the use of technology in our daily lives. Along with our increasing dependence on digital information assets, security vulnerabilities are becoming more and more apparent. Passwords are a critical component of secure access to digital systems and applications. They not only prevent unauthorized access to these systems, but also distinguish the users of such systems. Research on password predictability often relies on surveys or leaked data. Therefore, there is a gap in the literature for studies that consider real data in this regard. This study investigates the password security awareness of 161 computer engineering students enrolled in a Linux-based undergraduate course at Ataturk University. The study is conducted in two phases, and in the first phase, 12 dictionaries containing also real student data are formed. In the second phase of the study, a dictionary-based brute-force attack is utilized by means of a serial and parallel version of a Bash script to crack the students’ passwords. In this respect, the /etc/shadow file of the Linux system is used as a basis to compare the hashed versions of the guessed passwords. As a result, the passwords of 23 students, accounting for 14% of the entire student group, were cracked. We believe that this is an unacceptably high prediction rate for such a group with high digital literacy. Therefore, due to this important finding of the study, we took immediate action and shared the results of the study with the instructor responsible for administering the information security course that is included in our curriculum and offered in one of the following semesters.

Recent years have witnessed impressive advances in technology which led to the rapid growth of the Internet of Things (IoT) and Wireless Sensor Networks (WSNs) using numerous low-powered devices with a huge number of actuators and sensors. These devices gather and exchange data over the internet and generate enormous amounts of data needed to be secured. Although traditional cryptography provides an efficient means of addressing device and communication confidentiality, integrity, and authenticity issues, it may not be appropriate for very resource-constrained systems, particularly for end-nodes such as a simply connected sensor. Thus, there is an ascent need to use lightweight cryptography (LWC) providing the needed level of security with less complexity, area and energy overhead. In this paper, four lightweight cryptographic algorithms called PRESENT, LED, Piccolo, and SPARX were implemented over a Contiki-based IoT operating system, dedicated for IoT platforms, and assessed regarding RAM and ROM usage, power and energy consumption, and CPU cycles number. The Cooja network simulator is used in this study to determine the best lightweight algorithms to use in IoT applications utilizing wireless sensor networks technology.

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

We have proposed a new Smart Meter Application (SMA) Framework. This application registers consumers at utility provider (Electricity), takes the meter reading for electricity and makes billing. The proposed application might offer higher level of flexibility and security, time saving and trustworthiness between consumers and authority offices. It’s expected that the application will be developed by Flutter to support Android and iOS Mobile Operating Systems.

The prevalence of mobile devices (smartphones) along with the availability of high-speed internet access world-wide resulted in a wide variety of mobile applications that carry a large amount of confidential information. Although popular mobile operating systems such as iOS and Android constantly increase their defenses methods, data shows that the number of intrusions and attacks using mobile applications is rising continuously. Experts use techniques to detect malware before the malicious application gets installed, during the runtime or by the network traffic analysis. In this paper, we first present the information about different categories of mobile malware and threats; then, we classify the recent research methods on mobile malware traffic detection.

Smart phones have become the preferred way for Chinese Internet users currently. The mobile phone traffic is large from the operating system. These traffic is mainly generated by the services. In the context of the universal encryption of the traffic, classification identification of mobile encryption services can effectively reduce the difficulty of analytical difficulty due to mobile terminals and operating system diversity, and can more accurately identify user access targets, and then enhance service quality and network security management. The existing mobile encryption service classification methods have two shortcomings in feature selection: First, the DL model is used as a black box, and the features of large dimensions are not distinguished as input of classification model, which resulting in sharp increase in calculation complexity, and the actual application is limited. Second, the existing feature selection method is insufficient to use the time and space associated information of traffic, resulting in less robustness and low accuracy of the classification. In this paper, we propose a feature enhancement method based on adjacent flow contextual features and evaluate the Apple encryption service traffic collected from the real world. Based on 5 DL classification models, the refined classification accuracy of Apple services is significantly improved. Our work can provide an effective solution for the fine management of mobile encryption services.

Aiming at the current troubles encountered by enterprise employees in their daily work when operating business systems due to web compatibility issues, a dual-core secure browser is designed and developed in the paper based on summarizing the current development status of multi-core browsers, key difficulties and challenges in the field. Based on the Chromium open-source project, the design of a dual-core browser auto-adaptation method is carried out. Firstly, dual-core encapsulation technology is implemented, followed by a study of the core auto-adaptation algorithm, and then a core cookie sharing function is developed based on Hook technology. In addition, the security of the browser is reinforced by designing a cookie manager, adding behavior monitoring functions, and unified platform control to enhance confidentiality and security, providing a safe and secure interface for employees' work and ubiquitous IoT access. While taking security into account, the browser realizes the need for a single browser compatible with all business system web pages of the enterprise, enhancing the operating experience of the client. Finally, the possible future research directions in this field are summarized and prospected.

With the rapid development of Internet Technology in recent years, the demand for security support for complex applications is becoming stronger and stronger. Intel Software Guard Extensions (Intel SGX) is created as an extension of Intel Systems to enhance software security. Intel SGX allows application developers to create so-called enclave. Sensitive application code and data are encapsulated in Trusted Execution Environment (TEE) by enclave. TEE is completely isolated from other applications, operating systems, and administrative programs. Enclave is the core structure of Intel SGX Technology. Enclave supports multi-threading. Thread Control Structure (TCS) stores special information for restoring enclave threads when entering or exiting enclave. Each execution thread in enclave is associated with a TCS. This paper analyzes and verifies the possible security risks of enclave under concurrent conditions. It is found that in the case of multithread concurrency, a single enclave cannot resist flooding attacks, and related threads also throw TCS exception codes.

In this paper, a data-driven security detection approach is proposed in a simple manner. The detector is designed to deal with false data injection attacks suffered by industrial cyber-physical systems with unknown model information. First, the attacks are modeled from the perspective of the generalized plant mismatch, rather than the operating data being tampered. Second, some subsystems are selected to reduce the design complexity of the detector, and based on them, an output estimator with iterative form is presented in a theoretical way. Then, a security detector is constructed based on the proposed estimator and its cost function. Finally, the effectiveness of the proposed approach is verified by simulations of a Western States Coordinated Council 9-bus power system.

As a mature and open mobile operating system, Android runs on many IoT devices, which has led to Android-based IoT devices have become a hotbed of malware. Existing static detection methods for malware using artificial intelligence algorithms focus only on the java code layer when extracting API features, however there is a lot of malicious behavior involving native layer code. Thus, to make up for the neglect of the native code layer, we propose a heterogeneous information network-based Android malware detection method with cross-layer features. We first translate the semantic information of apps and API calls into the form of meta-paths, and construct the adjacency of apps based on API calls, then combine information from different meta-paths using multi-core learning. We implemented our method on the dataset from VirusShare and AndroZoo, and the experimental results show that the accuracy of our method is 93.4%, which is at least 2% higher than other related methods using heterogeneous information networks for malware detection.

In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.

Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.

Attack detection in enterprise networks is increasingly faced with large data volumes, in part high data bursts, and heavily fluctuating data flows that often cause arbitrary discarding of data packets in overload situations which can be used by attackers to hide attack activities. Attack detection systems usually configure a comprehensive set of signatures for known vulnerabilities in different operating systems, protocols, and applications. Many of these signatures, however, are not relevant in each context, since certain vulnerabilities have already been eliminated, or the vulnerable applications or operating system versions, respectively, are not installed on the involved systems. In this paper, we present an approach for clustering data flows to assign them to dedicated analysis units that contain only signature sets relevant for the analysis of these flows. We discuss the performance of this clustering and show how it can be used in practice to improve the efficiency of an analysis pipeline.