Safety-critical systems require resiliency against both cyberattacks and environmental faults. Researches have shown that microkernels can isolate components and limit the capabilities of would-be attackers by confining the attack in the component that it is initiated in. This limits the propagation of faults to sensitive components in the system. Nonetheless, the isolation mechanism in microkernels is not fully investigated for its resiliency against hardware faults. This paper investigates whether microkernels provide protection against hardware faults and, if so, to what extent quantitatively. This work is part of an effort in establishing an overlap between security and reliability with the goal of maximizing both while minimizing their impact on performance. In this work, transient faults are emulated on the seL4 microkernel and Linux kernel using debugger-induced bit flips across random timestamps in benchmark applications. Results show differences in the frequency and final outcome of fault to error manifestation in the seL4 environment compared to the Linux environment, including a reduction in silent data corruptions.

Acoustic communication is a key enabler for underwater Internet of Things networks between autonomous underwater platforms. Underwater Internet of Things networks face a harsh communications environment and limited energy resources which makes them susceptible to interference, whether intentional (i.e., jamming) or unintentional. Resilient, power efficient waveforms and modulation schemes are needed for underwater acoustic communications in order to avoid outages and excessive power drain. We explore the impact of modulation scheme on the resiliency of underwater acoustic communications in the presence of channel impairments, interference, and jamming. In particular, we consider BFSK and OFDM schemes for underwater acoustic communications and assess the utility of Polar coding for strengthening resiliency.

True Random Number Generator (TRNG) is an important hardware security primitive for system security. TRNGs are capable of providing random bits for initialization vectors in encryption engines, for padding and nonces in authentication protocols and for seeds to pseudo random number generators (PRNG). A TRNG needs to meet the same statistical quality standards as a physical unclonable function (PUF) with regard to randomness and uniqueness, and therefore one can envision a unified architecture for both functions. In this paper, we investigate a FPGA implementation of a TRNG using the Shift-register Reconvergent-Fanout (SiRF) PUF. The SiRF PUF measures path delays as a source of entropy within a engineered logic gate netlist. The delays are measured at high precision using a time-to-digital converter, and then processed into a random bitstring using a series of linear-time mathematical operations. The SiRF PUF algorithm that is used for key generation is reused for the TRNG, with simplifications that improve the bit generation rate of the algorithm. This enables the TRNG to leverage both fixed PUF-based entropy and random noise sources, and makes the TRNG resilient to temperature-voltage attacks. TRNG bitstrings generated from a programmable logic implementation of the SiRF PUF-TRNG on a set of FPGAs are evaluated using statistical testing tools.

A novel secure physical layer key generation method for Connected and Autonomous Vehicles (CAVs) against an attacker is proposed under fading and Additive White Gaussian Noise (AWGN). In the proposed method, a random sequence key is added to the demodulated sequence to generate a unique pre-shared key (PSK) to enhance security. Extensive computer simulation results proved that an attacker cannot extract the same legitimate PSK generated by the received vehicle even if identical fading and AWGN parameters are used both for the legitimate vehicle and attacker.

Physical Unclonable Functions (PUFs) are the secured hardware primitives to authenticate Integrated Circuits (ICs) from various unauthorized attacks. The secured key generation mechanism through PUFs is based on random Process Variations (PVs) inherited by the CMOS transistors. In this paper, we proposed a chaotic-based challenge generation mechanism to feed the arbiter PUFs. The chaotic property is introduced to increase the non-linearity in the arbitration mechanism thereby the uncertainty of the keys is attained. The chaotic sequences are easy to generate, difficult to intercept, and have the additional advantage of being in a large number Challenge-Response Pair (CRP) generation. The proposed design has a significant advantage in key generation with improved uniqueness and diffuseness of 47.33%, and 50.02% respectively. Moreover, the enhancement in the reliability of 96.14% and 95.13% range from −40C to 125C with 10% fluctuations in supply voltage states that it has prominent security assistance to the Internet of Things (IoT) enabled devices against malicious attacks.

The robustness of the encryption systems in all of their types depends on the key generation. Thus, an encryption system can be said robust if the generated key(s) are very complex and random which prevent attackers or other analytical tools to break the encryption system. This paper proposed an enhanced key generation based on iris image as biometric, to be implemented dynamically in both of authentication process and data encryption. The captured iris image during the authentication process will be stored in a cloud server to be used in the next login to decrypt data. While in the current login, the previously stored iris image in the cloud server would be used to decrypt data in the current session. The results showed that the generated key meets the required randomness for several NIST tests that is reasonable for one use. The strength of the proposed approach produced unrepeated keys for encryption and each key will be used once. The weakness of the produced key may be enhanced to become more random.

This paper presents a physically-secure wireless communication system utilizing orbital angular momentum (OAM) waves at 0.31THz. A trustworthy key distribution mechanism for symmetric key cryptography is proposed by exploiting random hopping among the orthogonal OAM-wave modes and phases. Keccak-f[400] based pseudorandom number generator provides randomness to phase distribution of OAM-wave modes for additional security. We assess the security vulnerabilities of using OAM modulation in a THz communication system under various physical-layer threat models as well as analyze the effectiveness of these threat models for varying attacker complexity levels under different conditions.

Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.

In the era of big data, information security is faced with many threats, among which memory data security of intelligent devices is an important link. Attackers can read the memory of specific devices, and then steal secrets, alter data, affect the operation of intelligent devices, and bring security threats. Data security is usually protected by encryption algorithm for device ciphertext conversion, so the safe generation and use of key becomes particularly important. In this paper, based on the advantages of SRAM PUF, such as real-time generation, power failure and disappearance, safety and reliability, a key generation unit is designed and implemented. BCH code is used as the error correction algorithm to generate 128-bit stable key, which provides a guarantee for the safe storage of intelligent devices.

Deep learning-based semantic communications (DLSC) significantly improve communication efficiency by only transmitting the meaning of the data rather than a raw message. Such a novel paradigm can brace the high-demand applications with massive data transmission and connectivities, such as automatic driving and internet-of-things. However, DLSC are also highly vulnerable to various attacks, such as eavesdropping, surveillance, and spoofing, due to the openness of wireless channels and the fragility of neural models. To tackle this problem, we present SemKey, a novel physical layer key generation (PKG) scheme that aims to secure the DLSC by exploring the underlying randomness of deep learning-based semantic communication systems. To boost the generation rate of the secret key, we introduce a reconfigurable intelligent surface (RIS) and tune its elements with the randomness of semantic drifts between a transmitter and a receiver. Precisely, we first extract the random features of the semantic communication system to form the randomly varying switch sequence of the RIS-assisted channel and then employ the parallel factor-based channel detection method to perform the channel detection under RIS assistance. Experimental results show that our proposed SemKey significantly improves the secret key generation rate, potentially paving the way for physical layer security for DLSC.

Physical layer secret key exploits the random but reciprocal channel features between legitimate users to encrypt their data against fiber-tapping. We propose a novel tapping-based eavesdropper scheme, leveraging its tapped signals from legitimate users to reconstruct their common features and the secret key.

Cyberattacks have been progressed in the fields of Internet of Things, and artificial intelligence technologies using the advanced persistent threat (APT) method recently. The damage caused by ransomware is rapidly spreading among APT attacks, and the range of the damages of individuals, corporations, public institutions, and even governments are increasing. The seriousness of the problem has increased because ransomware has been evolving into an intelligent ransomware attack that spreads over the network to infect multiple users simultaneously. This study used open source endpoint detection and response tools to build and test a framework environment that enables systematic ransomware detection at the network and system level. Experimental results demonstrate that the use of EDR tools can quickly extract ransomware attack features and respond to attacks.

Cyber security is turning into a significant angle in each industry like in banking part, force and computerization segments. Servers are basic resources in these enterprises where business basic touch information is put away. These servers frequently join web servers in them through which any business information and tasks are performed remotely. Thus, clearly for a solid activity, security of web servers is extremely basic. This paper gives another testing way to deal with defenselessness appraisal of web applications by methods for breaking down and utilizing a consolidated arrangement of apparatuses to address a wide scope of security issues.

Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and it may cause catastrophic damages to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely utilized in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework with adopting different machine learning algorithms including neural network-based architectures to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB), Logistic Regression (LR) as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F -beta, and precision scores.

Cybersecurity is important in the field of information technology. One most recent pressing issue is information security. When we think of cybersecurity, the first thing that comes to mind is cyber-attacks, which are on the rise, such as Ransomware. Various governments and businesses take a variety of measures to combat cybercrime. People are still concerned about ransomware, despite numerous cybersecurity precautions. In ransomware, the attacker encrypts the victim’s files/data and demands payment to unlock the data. Cybersecurity is a collection of tools, regulations, security guards, security ideas, guidelines, risk management, activities, training, insurance, best practices, and technology used to secure the cyber environment, organization, and user assets. This paper analyses ransomware attacks, techniques for dealing with these attacks, and future challenges.

This paper presents the machine learning algorithm to detect whether an executable binary is benign or ransomware. The ransomware cybercriminals have targeted our infrastructure, businesses, and everywhere which has directly affected our national security and daily life. Tackling the ransomware threats more effectively is a big challenge. We applied a machine-learning model to classify and identify the security level for a given suspected malware for ransomware detection and prevention. We use the feature selection data preprocessing to improve the prediction accuracy of the model.

Ransomware is an emerging threat that imposed a \$ 5 billion loss in 2017, rose to \$ 20 billion in 2021, and is predicted to hit \$ 256 billion in 2031. While initially targeting PC (client) platforms, ransomware recently leaped over to server-side databases-starting in January 2017 with the MongoDB Apocalypse attack and continuing in 2020 with 85,000 MySQL instances ransomed. Previous research developed countermeasures against client-side ransomware. However, the problem of server-side database ransomware has received little attention so far. In our work, we aim to bridge this gap and present DIMAQS (Dynamic Identification of Malicious Query Sequences), a novel anti-ransomware solution for databases. DIMAQS performs runtime monitoring of incoming queries and pattern matching using two classification approaches (Colored Petri Nets (CPNs) and Deep Neural Networks (DNNs)) for attack detection. Our system design exhibits several novel techniques like dynamic color generation to efficiently detect malicious query sequences globally (i.e., without limiting detection to distinct user connections). Our proof-of-concept and ready-to-use implementation targets MySQL servers. The evaluation shows high efficiency without false negatives for both approaches and a false positive rate of nearly 0%. Both classifiers show very moderate performance overheads below 6%. We will publish our data sets and implementation, allowing the community to reproduce our tests and results.

Ransomware groups represent a significant cyber threat to Western states. Most high-end ransomware actors reside in territorial safe-haven jurisdictions and prove to be resistant to traditional law enforcement activities. This has prompted public sector and cybersecurity industry leaders to perceive ransomware as a national security threat requiring a whole-of-government approach, including cyber operations. In this paper, we investigate whether cyber operations or the threat of cyber operations influence the ransomware ecosystem. Subsequently, we assess the vectors of influence and characteristics of past operations that have disrupted the ecosystem. We describe the specifics of the ransomware-as-a-service system and provide three case studies (DarkSide/BlackMatter, REvil, Conti) highly representative of the current ecosystem and the effect cyber operations have on it. Additionally, we present initial observations about the influence of cyber operations on the system, including best practices from cyber operations against non-state groups. We conclude that even professional, highly skilled, and top-performing ransomware groups can be disrupted through cyber operations. In fact, cyber operations can even bypass some limits imposed on law enforcement operations. Even when ransomware groups rebrand or resurface after a hiatus, we suggest their infrastructure (both technical, human, and reputational) will still suffer mid-to long-term disruption. Although cyber operations are unlikely to be a silver bullet, they are an essential tool in the whole-of-government and multinational efforts and may even grow in importance in the next several years.1‘Releasing the hounds’ is a term for offensive cyber operations aimed at disrupting global ransomware gangs, especially those conducted by militaries or intelligence agencies. First use is found in Patrick Gray and Adam Boileau, ‘Feature Podcast: Releasing the Hounds with Bobby Chesney’, Risky Business, 28 May 2020, https://risky.biz/HF6/.

Recent years have witnessed a surge in ransomware attacks. Especially, many a new variant of ransomware has continued to emerge, employing more advanced techniques distributing the payload while avoiding detection. This renders the traditional static ransomware detection mechanism ineffective. In this paper, we present our Hardware Anomaly Realtime Detection - Lightweight (HARD-Lite) framework that employs semi-supervised machine learning method to detect ransomware using low-level hardware information. By using an LSTM network with a weighted majority voting ensemble and exponential moving average, we are able to take into consideration the temporal aspect of hardware-level information formed as time series in order to detect deviation in system behavior, thereby increasing the detection accuracy whilst reducing the number of false positives. Testing against various ransomware across multiple families, HARD-Lite has demonstrated remarkable effectiveness, detecting all cases tested successfully. What's more, with a hierarchical design that distributing the classifier from the user machine that is under monitoring to a server machine, Hard-Lite enables good scalability as well.

Ransomware uses encryption methods to make data inaccessible to legitimate users. To date a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these cyberthreats multiply, researchers have proposed a range of ransom ware detection and classification schemes. Most of these methods use advanced machine learning techniques to process and analyze real-world ransomware binaries and action sequences. Hence this paper presents a survey of this critical space and classifies existing solutions into several categories, i.e., including network-based, host-based, forensic characterization, and authorship attribution. Key facilities and tools for ransomware analysis are also presented along with open challenges.

Ubiquitous environment embedded with artificial intelligent consist of heterogenous smart devices communicating each other in several context for the computation of requirements. In such environment the trust among the smart users have taken as the challenge to provide the secure environment during the communication in the ubiquitous region. To provide the secure trusted environment for the users of ubiquitous system proposed approach aims to extract behavior of smart invisible entities by retrieving their behavior of communication in the network and applying the recommendation-based filters using Deep learning (RBF-DL). The proposed model adopts deep learning-based classifier to classify the unfair recommendation with fair ones to have a trustworthy ubiquitous system. The capability of proposed model is analyzed and validated by considering different attacks and additional feature of instances in comparison with generic recommendation systems.

A recommender system is a filtering application based on personalized information from acquired big data to predict a user's preference. Traditional recommender systems primarily rely on keywords or scene patterns. Users' subjective emotion data are rarely utilized for preference prediction. Novel Brain Computer Interfaces hold incredible promise and potential for intelligent applications that rely on collected user data like a recommender system. This paper describes a deep learning method that uses Brain Computer Interfaces (BCI) based neural measures to predict a user's preference on short music videos. Our models are employed on both population-wide and individualized preference predictions. The recognition method is based on dynamic histogram measurement and deep neural network for distinctive feature extraction and improved classification. Our models achieve 97.21%, 94.72%, 94.86%, and 96.34% classification accuracy on two-class, three-class, four-class, and nine-class individualized predictions. The findings provide evidence that a personalized recommender system on an implicit BCI has the potential to succeed.

A recommender system aims to suggest the most relevant items to users based on their personal data. However, data privacy is a growing concern for anyone. Secure recommender system is a research direction to preserve user privacy while maintaining as high performance as possible. The most recent strategy is to use Federated Learning, a machine learning technique for privacy-preserving distributed training. In Federated Learning, a subset of users will be selected for training model using data at local systems, the server will securely aggregate the computing result from local models to generate a global model, finally that model will give recommendations to users. In this paper, we present a novel algorithm to train Collaborative Filtering recommender system specialized for the ranking task in Federated Learning setting, where the goal is to protect user interaction information (i.e., implicit feedback). Specifically, with the help of the algorithm, the recommender system will be trained by Neural Collaborative Filtering, one of the state-of-the-art matrix factorization methods and Bayesian Personalized Ranking, the most common pairwise approach. In contrast to existing approaches which protect user privacy by requiring users to download/upload the information associated with all interactions that they can possibly interact with in order to perform training, the algorithm can protect user privacy at low communication cost, where users only need to obtain/transfer the information related to a small number of interactions per training iteration. Above all, through extensive experiments, the algorithm has demonstrated to utilize user data more efficient than the most recent research called FedeRank, while ensuring that user privacy is still preserved.

Recommenders are central in many applications today. The most effective recommendation schemes, such as those based on collaborative filtering (CF), exploit similarities between user profiles to make recommendations, but potentially expose private data. Federated learning and decentralized learning systems address this by letting the data stay on user's machines to preserve privacy: each user performs the training on local data and only the model parameters are shared. However, sharing the model parameters across the network may still yield privacy breaches. In this paper, we present Rex, the first enclave-based decentralized CF recommender. Rex exploits Trusted execution environments (TEE), such as Intel software guard extensions (SGX), that provide shielded environments within the processor to improve convergence while preserving privacy. Firstly, Rex enables raw data sharing, which ultimately speeds up convergence and reduces the network load. Secondly, Rex fully preserves privacy. We analyze the impact of raw data sharing in both deep neural network (DNN) and matrix factorization (MF) recommenders and showcase the benefits of trusted environments in a full-fledged implementation of Rex. Our experimental results demonstrate that through raw data sharing, Rex significantly decreases the training time by 18.3 x and the network load by 2 orders of magnitude over standard decentralized approaches that share only parameters, while fully protecting privacy by leveraging trustworthy hardware enclaves with very little overhead.

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.