Network Security Architecture - As a result of globalization, the COVID-19 pandemic and the migration of data to the cloud, the traditional security measures where an organization relies on a security perimeter and firewalls do not work. There is a shift to a concept whereby resources are not being trusted, and a zero-trust architecture (ZTA) based on a zero-trust principle is needed. Adapting zero trust principles to networks ensures that a single insecure Application Protocol Interface (API) does not become the weakest link comprising of Critical Data, Assets, Application and Services (DAAS). The purpose of this paper is to review the use of zero trust in the security of a network architecture instead of a traditional perimeter. Different software solutions for implementing secure access to applications and services for remote users using zero trust network access (ZTNA) is also summarized. A summary of the author’s research on the qualitative study of “Insecure Application Programming Interface in Zero Trust Networks” is also discussed. The study showed that there is an increased usage of zero trust in securing networks and protecting organizations from malicious cyber-attacks. The research also indicates that APIs are insecure in zero trust environments and most organization are not aware of their presence.

Network Security Architecture - Design a new generation of smart power meter components, build a smart power network, implement power meter safety protection, and complete smart power meter network security protection. The new generation of smart electric energy meters mainly complete legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station to form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation, provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use manage. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Own security protection consists of hardware security protection and software security protection. The full-scene application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.

Network Security Architecture - Software-Defined Networking or SDN (Software-Defined Networking) is a technology for software control and management of the network in order to improve its properties. Unlike classic network management technologies, which are complex and decentralized, SDN technology is a much more flexible and simple system. The new architecture may be vulnerable to several attacks leading to resource depletion and preventing the SDN controller from providing support to legitimate users. One such attack is the Distributed Denial of Service (DDoS), which is on the rise today. We suggest Modified-DDoSNet, a system for detecting DDoS attacks in the SDN environment. A model based on Deep Learning (DL) techniques will be implemented, combining a Recurrent Neural Network (RNN) with an Autoencoder. The proposed model, which was first trained to detect attacks, was implemented in the security architecture of the SDN network, as a new component. The security architecture of the SDN network contains a total of 13 components, each of which represents an individual part of the architecture, where the first component is the RNN - autoencoder. The model itself, which is the first component, was trained in the CICDDoS2019 dataset. It has high reliability for attack detection, which increases the security of the SDN network architecture.

Network on Chip Security - This paper designs a network security protection system based on artificial intelligence technology from two aspects of hardware and software. The system can simultaneously collect Internet public data and secret-related data inside the unit, and encrypt it through the TCM chip solidified in the hardware to ensure that only designated machines can read secret-related materials. The data edgecloud collaborative acquisition architecture based on chip encryption can realize the cross-network transmission of confidential data. At the same time, this paper proposes an edge-cloud collaborative information security protection method for industrial control systems by combining endaddress hopping and load balancing algorithms. Finally, using WinCC, Unity3D, MySQL and other development environments comprehensively, the feasibility and effectiveness of the system are verified by experiments.

Network Coding - Precise binary code vulnerability detection is a significant research topic in software security. Currently, the majority of software is released in binary form, and the corresponding vulnerability detection approaches for binary code are desired. Existing deep learning-based detection techniques can only detect binary code vulnerabilities but cannot precisely identify the types of vulnerabilities. This paper proposes a Binary code-based Hybrid neural network for Multiclass Vulnerability Detection, dubbed BHMVD. BHMVD generates binary slices according to the control dependence and data dependence of library/API function calls, and then extracts syntax features from binary slices to generate type slices, which can help identify vulnerability types. This paper uses a hybrid neural network of CNN-BLSTM to extract vulnerability features from binary and type slices. The former extracts local features, while the latter extracts global features. Experiment results on 19 types of vulnerabilities show that BHMVD is effective for binary code-based multiclass vulnerability detection, and using a hybrid neural network can improve detection ability.

Network Coding - Software vulnerabilities, caused by unintentional flaws in source codes, are the main root cause of cyberattacks. Source code static analysis has been used extensively to detect the unintentional defects, i.e. vulnerabilities, introduced into the source codes by software developers. In this paper, we propose a deep learning approach to detect vulnerabilities from their LLVM IR representations based on the techniques that have been used in natural language processing. The proposed approach uses a hierarchical process to first identify source codes with vulnerabilities, and then it identifies the lines of codes that contribute to the vulnerability within the detected source codes. This proposed twostep approach reduces the false alarm of detecting vulnerable lines. Our extensive experiment on real-world and synthetic codes collected in NVD and SARD shows high accuracy (about 98\%) in detecting source code vulnerabilities 1.

Named Data Network Security - Design of the English APP security verification framework based on fusion IP-Address-MAC data features is studied in the paper. APP is named the client application, including third-party applications on PCs and mobile terminals, that is, smartphones. At present, Praat has become a software commonly used by researchers in the world of experimental phonetics, linguistics, language investigation, language processing and other related fields. Under this background, our target is selected to be the English AP. For the design of the framework, node forms a corresponding topology table according to the neighbor list detected by itself and the topology information obtained from the received TC message. To deal with the challenge of the high robustness, the IP and MAC data analysis are both considered. Through the data collection, processing and the further fusion, the comprehensive system is implemented. The proposed model is tested under different testing scenarios.

Multiple Fault Diagnosis - In this article, fault detection (FD) method for multiple device open-circuit faults (OCFs) in modified neutral-point- clamped (NPC) inverters has been introduced using Average Current Park Vector (ACPV) algorithm. The proposed FD design circuit is loadindependent and requires only the converter 3- phase output current. The validity of the results has been demonstrated for OCF diagnostics using a 3-level inverter with one faulty switch. This article examines ACPV techniques for diagnosing multiple fault switches on the single-phase leg of 3-step NPC inverter. This article discusses fault tolerance for a single battery or inverter switch during a standard, active level 3 NPC inverter with connected neutral points. The primary goal here is to detect and locate open circuits in inverter switches. As a result, simulations and experiments are used to investigate and validate a FD algorithm based on a current estimator and two fault localization algorithms based on online adaptation of the space vector modulation (S VM) and the pulse pattern injection principle. This technique was efficiently investigated and provides three-stage modified NPC signature table that accounts for all possible instances of fault. The Matlab / S imulink software is used to validate the introduced signature table for the convergence of permanent magnet motors.

Moving Target Defense - As cyberattacks continuously threaten conventional defense techniques, Moving Target Defense (MTD) has emerged as a promising countermeasure to defend a system against them by dynamically changing attack surfaces of the system. MTD provides the system a state-of-art security mechanism that increases the attack cost or complexity of the system aiming for reducing vulnerabilities exposed to potential attackers. However, the notion of the proactive and dynamic systems adopting MTD services causes a substantial trade-off between system performance and security effectiveness, compared to conventional defense strategies. The MTD tactics accordingly result in performance degradation (e.g., interruptions of service availability) as one of the drawbacks caused by continuous mutations of the system configuration. Therefore, it is crucial to validate not only the security benefits against system threats but also quality-of-service (QoS) for clients when an MTDenabled system proactively continues to mutate attack surfaces. This paper contributes to (i) developing new security metrics; (ii) measuring both the performance degradation and security effectiveness against potential real attacks (i.e., scanning, HTTP flood, dictionary, and SQL injection attack); and (iii) comparing the proposed job management strategies (i.e., drop and switchover) from a performance and security perspective in a physical SDN testbed.

Moving Target Defense - The use of traditional defense mechanisms or intrusion detection systems presents a disadvantage for defenders against attackers since these mechanisms are essentially reactive. Moving target defense (MTD) has emerged as a proactive defense mechanism to reduce this disadvantage by randomly and continuously changing the attack surface of a system to confuse attackers. Although significant progress has been made recently in analyzing the security effectiveness of MTD mechanisms, critical gaps still exist, especially in maximizing security levels and estimating network reconfiguration speed for given attack power. In this paper, we propose a set of Petri Net models and use them to perform a comprehensive evaluation regarding key security metrics of Software-Defined Network (SDNs) based systems adopting a time-based MTD mechanism. We evaluate two use-case scenarios considering two different types of attacks to demonstrate the feasibility and applicability of our models. Our analyses showed that a time-based MTD mechanism could reduce the attackers’ speed by at least 78\% compared to a system without MTD. Also, in the best-case scenario, it can reduce the attack success probability by about ten times.

Multifactor Authentication - The article describes the development and integrated implementation of software modules of photo and video identification system, the system of user voice recognition by 12 parameters, neural network weights, Euclidean distance comparison of real numbers of arrays. The user s biometric data is encrypted and stored in the target folder. Based on the generated data set was developed and proposed a method for synthesizing the parameters of the mathematical model of convolutional neural network represented in the form of an array of real numbers, which are unique identifiers of the user of a personal computer. The training of the training model of multifactor authentication is implemented using categorical cross-entropy. The training sample is generated by adding distorted images by changing the receptive fields of the convolutional neural network. The authors have studied and applied features of simulation modeling of user authorization systems. The main goal of the study is to provide the necessary level of security of user accounts of personal devices. The task of this study is the software implementation of the synthesis of the mathematical model and the training neural network, necessary to provide the maximum level of protection of the user operating system of the device. The result of the research is the developed mathematical model of the software complex of multifactor authentication using biometric technologies, available for users of personal computers and automated workplaces of enterprises.

Multicore Computing Security - Physical memories or RAMs are essential components in a computer system to hold temporary information required for both software and hardware to work properly. When a system’s security is compromised (e.g., due to a malicious application), sensitive information being held in the memories can be leaked out for example to “the cloud”. The RISC-V privileged architecture standard adopts a method called Physical Memory Protection (PMP) to segregate a system’s memory into regions with different policy and permissions to prevent unprivileged software from accessing unauthorized regions. However, PMP does not prevent malicious software from hijacking an Input/Output (IO) device with Direct Memory Access (DMA) capability to indirectly gain unauthorized accesses and hence, a similar method commonly termed as “IOPMP” is being worked on in the RISC-V community. This paper describes an early implementation of IOPMP and how it is used to protect physical memory regions in a RISC-V system. Then, the potential performance impact of IOPMP is briefly elaborated. There are still work to be done and this early IOPMP implementation allows various aspects of the protection method such as its scalability, practicality, and effectiveness etc. to be studied for future enhancement.

Middleware Security - Online advertisements are a significant element of the Internet ecosystem. Businesses monitor their customers via pushing advertising (Ads). Within minutes, cybercriminals try to defraud and steal data through advertisements. Therefore, the issue of ads must be solved. Ads are obtrusive, a security risk, and they hinder performance and efficiency. Hence, the goal is to create an ad-blocker that would operate across the entire network and prevent advertisement on any website s web pages. To put it another way, it s a little computer with such a SoC (System - On - chip) also referred to as a Raspberry Pi that is merged with a networking system, for which we need to retrain the advertisements. On the home network, software named Pi Hole is used to block websites with advertisements. Any network traffic that passes via devices connected to the home network now passes through the Pi. As a result, the adverts are finally checked out during the Raspberry Pi before they reach the users machine and they will be blocked.

Middleware Security - Cybersecurity of power hardware is becoming increasingly critical with the emergence of smart and connected devices such as Grid-connected inverters, EVs and their chargers, microgrid controllers, energy storage / energy management controllers, and smart appliances. Cyber-attacks on power hardware have had far-reaching and widespread impacts. For such cyber-physical systems, security must be ensured at all levels in the design - hardware, firmware, software and interfaces. Although previous approaches to cybersecurity have focused mainly on vulnerabilities in the firmware middleware, or software, vulnerabilities in the hardware itself are hard to identify and harder to mitigate, especially when most hardware components are proprietary and not examinable. This paper presents one approach to mitigate this conundrum - a completely open-source implementation of a microcontroller core along with the associated peripherals based on the well-known RISC-V instruction set architecture (ISA). The proof-of-concept architecture presented here uses the “Shakti” E-Class microcontroller core integrated with a fully custom PWM controller implemented in Verilog, and validated on a Xilinx Artix FPGA. For critical applications such designs may be replicated as a custom ASIC thereby guaranteeing total security of the computing hardware.

Metadata Discovery Problem - Collaborative software development platforms like GitHub have gained tremendous popularity. Unfortunately, many users have reportedly leaked authentication secrets (e.g., textual passwords and API keys) in public Git repositories and caused security incidents and finical loss. Recently, several tools were built to investigate the secret leakage in GitHub. However, these tools could only discover and scan a limited portion of files in GitHub due to platform API restrictions and bandwidth limitations. In this paper, we present SecretHunter, a real-time large-scale comprehensive secret scanner for GitHub. SecretHunter resolves the file discovery and retrieval difficulty via two major improvements to the Git cloning process. Firstly, our system will retrieve file metadata from repositories before cloning file contents. The early metadata access can help identify newly committed files and enable many bandwidth optimizations such as filename filtering and object deduplication. Secondly, SecretHunter adopts a reinforcement learning model to analyze file contents being downloaded and infer whether the file is sensitive. If not, the download process can be aborted to conserve bandwidth. We conduct a one-month empirical study to evaluate SecretHunter. Our results show that SecretHunter discovers 57\% more leaked secrets than state-of-the-art tools. SecretHunter also reduces 85\% bandwidth consumption in the object retrieval process and can be used in low-bandwidth settings (e.g., 4G connections).

Measurement and Metrics Testing - In software regression testing, newly added test cases are more likely to fail, and therefore, should be prioritized for execution. In software regression testing for continuous integration, reinforcement learning-based approaches are promising and the RETECS (Reinforced Test Case Prioritization and Selection) framework is a successful application case. RETECS uses an agent composed of a neural network to predict the priority of test cases, and the agent needs to learn from historical information to make improvements. However, the newly added test cases have no historical execution information, thus using RETECS to predict their priority is more like ‘random’. In this paper, we focus on new test cases for continuous integration testing, and on the basis of the RETECS framework, we first propose a priority assignment method for new test cases to ensure that they can be executed first. Secondly, continuous integration is a fast iterative integration method where new test cases have strong fault detection capability within the latest periods. Therefore, we further propose an additional reward method for new test cases. Finally, based on the full lifecycle management, the ‘new’ additional rewards need to be terminated within a certain period, and this paper implements an empirical study. We conducted 30 iterations of the experiment on 12 datasets and our best results were 19.24\%, 10.67\%, and 34.05 positions better compared to the best parameter combination in RETECS for the NAPFD (Normalized Average Percentage of Faults Detected), RECALL and TTF (Test to Fail) metrics, respectively.

Measurement and Metrics Testing - Fuzz testing is an indispensable test-generation tool in software security. Fuzz testing uses automated directed randomness to explore a variety of execution paths in software, trying to expose defects such as buffer overflows. Since cyber-physical systems (CPS) are often safety-critical, testing models of CPS can also expose faults. However, while existing coverage-guided fuzz testing methods are effective for software, results can be disappointing when applied to CPS, where systems have continuous states and inputs are applied at different points in time.

Measurement and Metrics Testing - Nowadays, attackers are increasingly using UseAfter-Free(UAF) vulnerabilities to create threats against software security. Existing static approaches for UAF detection are capable of finding potential bugs in the large code base. In most cases, analysts perform manual inspections to verify whether the warnings detected by static analysis are real vulnerabilities. However, due to the complex constraints of constructing UAF vulnerability, it is very time and cost-intensive to screen all warnings. In fact, many warnings should be discarded before the manual inspection phase because they are almost impossible to get triggered in real-world, and it is often overlooked by current static analysis techniques.

Measurement and Metrics Testing - Software testing is one of the most critical and essential processes in the software development life cycle. It is the most significant aspect that affects product quality. Quality and service are critical success factors, particularly in the software business development market. As a result, enterprises must execute software testing and invest resources in it to ensure that their generated software products meet the needs and expectations of end-users. Test prioritization and evaluation are the key factors in determining the success of software testing. Test suit coverage metrics are commonly used to evaluate the testing process. Soft Computing techniques like Genetic Algorithms and Particle Swarm Optimization have gained prominence in various aspects of testing. This paper proposes an automated Genetic Algorithm approach to prioritizing the test cases and the evaluation through code coverage metrics with the Coverlet tool. Coverlet is a.NET code coverage tool that works across platforms and supports line, branch, and method coverage. Coverlet gathers data from Cobertura coverage test runs, which are then utilized to generate reports. Resultant test suits generated were validated and analyzed and have had significant improvement over the generations.

Malware Classification - With the rapid development of technology and the increase in the use of Android software, the number of malware has also increased. This study presents a classification as malware/goodware with the features of 4465 Android applications. Cost is an important problem for the increasing number of applications and the analyzes to be made on each application. This study focused on this problem with the hybrid use of Gray Wolf Optimization Algorithm (GWO) and Deep Neural Networks (DNN). With the use of GWO, both feature selection and the features of the model to be created with DNN are determined. In this way, an approximate solution proposal is presented for the most suitable features and the most suitable model design. The model, which was created with the use of GWO-DNN hybrid in this study, offers an F1 score of 99.74%.

MANET Attack Prevention - Since the mid-1990s, the growth of laptops and Wi-Fi networks has led to a great increase in the use of MANET (Mobile ad hoc network) in wireless communication. MANET is a group of mobile devices for example mobile phones, computers, laptops, radios, sensors, etc., that communicate with each other wirelessly without any support from existing internet infrastructure or any other kind of fixed stations. As MANET is an infrastructure-less network it is prone to various attacks, which can lead to loss of information during communication, security breaches or other unauthentic malpractices. Various types of attacks to which MANET can be vulnerable are denial of service (DOS) and packet dropping attacks such as Gray hole, Blackhole, Wormhole, etc. In this research, we are particularly focusing on the detection and prevention of Gray hole attack. Gray hole node drops selective data packets, while participating in the routing process like other nodes, and advertises itself as a genuine node. The Intrusion Detection System (IDS) technique is used for identification and aversion of the Gray hole attack. Use of AODV routing protocol is made in the network. The network is incorporated and simulation parameters such as PDR (Packet Delivery Ratio), Energy Consumption, End-to-end delay, and Throughput are analyzed using simulation software.

Malware Analysis - The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.

Malware Analysis - Any software that runs malicious payloads on victims’ computers is referred to as malware. It is an increasing threat that costs people, businesses, and organizations a lot of money. Attacks on security have developed significantly in recent years. Malware may infiltrate both offline and online media, like: chat, SMS, and spam (email, or social media), because it has a built-in defensive mechanism and may conceal itself from antivirus software or even corrupt it. As a result, there is an urgent need to detect and prevent malware before it damages critical assets around the world. In fact, there are lots of different techniques and tools used to combat versus malware. In this paper, the malware samples were analyzing in the Virtual Box environment using in-depth analysis based on reverse engineering using advanced static malware analysis techniques. The results Obtained from malware analysis which represent a set of valuable information, all anti-malware and anti-virus program companies need for in order to update their products.

Information Reuse and Security - In software engineering, the aspect of addressing security requirements is considered to be of paramount importance. In most cases, however, security requirements for a system are considered as non-functional requirements (NFRs) and are addressed at the very end of the software development life cycle. The increasing number of security incidents in software systems around the world has made researchers and developers rethink and consider this issue at an earlier stage. An important and essential step towards this process is the elicitation of relevant security requirements. In a recent work, Imtiaz et al. proposed a framework for creating a mapping between existing requirements and the vulnerabilities associated with them. The idea is that, this mapping can be used by developers to predict potential vulnerabilities associated with new functional requirements and capture security requirements to avoid these vulnerabilities. However, to what extent, such existing vulnerability information can be useful in security requirements elicitation is still an open question. In this paper, we design a human subject study to answer this question. We also present the results of a pilot study and discuss their implications. Preliminary results show that existing vulnerability information can be a useful resource in eliciting security requirements and lays ground work for a full scale study.

Information Reuse and Security - New malware increasingly adopts novel fileless techniques to evade detection from antivirus programs. Process injection is one of the most popular fileless attack techniques. This technique makes malware more stealthy by writing malicious code into memory space and reusing the name and port of the host process. It is difficult for traditional security software to detect and intercept process injections due to the stealthiness of its behavior. We propose a novel framework called ProcGuard for detecting process injection behaviors. This framework collects sensitive function call information of typical process injection. Then we perform a fine-grained analysis of process injection behavior based on the function call chain characteristics of the program, and we also use the improved RCNN network to enhance API analysis on the tampered memory segments. We combine API analysis with deep learning to determine whether a process injection attack has been executed. We collect a large number of malicious samples with process injection behavior and construct a dataset for evaluating the effectiveness of ProcGuard. The experimental results demonstrate that it achieves an accuracy of 81.58\% with a lower false-positive rate compared to other systems. In addition, we also evaluate the detection time and runtime performance loss metrics of ProcGuard, both of which are improved compared to previous detection tools.