Browsing by Subject "security"
Now showing 1 - 20 of 36

A Blockchain-Based Hybrid Model for IoMT-Enabled Intelligent Healthcare System (IEEE, 2024-03-18)
Rehman, Ateeq Ur; Tariq, Nargis; Jan, Mian Ahmad; Khan, Fazlullah; Song, Houbing; Ibrahim, Muhammad
In recent years, the healthcare industry has undergone a digital transformation, making patient data publicly available and accessible. Healthcare units make a portion of the data public while keeping the rest private, necessitating various mechanisms for security and privacy. Blockchain technology has been widely adopted in the healthcare sector to secure data transactions. However, public blockchains face challenges in scalability and privacy, whereas private blockchains struggle with centralization, interoperability, and complexity. To address these challenges, we propose an Internet of Medical Things (IoMT)-based hybrid blockchain architecture. The proposed architecture combines the decentralized Ethereum and the centralized Hyperledger Fabric blockchain (Eth-Fab) using SQLite to leverage Ethereum smart contracts with the Hyperledger permission model. Moreover, we introduce access control strategies to enhance patient data authentication and authorization. We have employed machine learning algorithms to assist healthcare practitioners in accurately detecting diseases and making time-efficient decisions. Additionally, we modeled the proposed architecture using the M/M/1 queuing model and derived closed-form expressions for latency, throughput, and server utilization. The validity of these expressions was verified through Monte Carlo simulations.
The results demonstrate that higher service times (block generation) yield better outcomes in terms of latency, throughput, and utilization, regardless of the arrival time, i.e., transactions in the mining pool.

A FRAMEWORK FOR ANALYZING THE IMPACT OF ACTUATION LIMITS ON CYBER-PHYSICAL SYSTEMS (2020-01-20)
Bohon, Scott; Robucci, Ryan; Computer Science and Electrical Engineering; Engineering, Computer
Cyber-physical systems (CPS) are smart systems of networked computing and physical components. CPS are ubiquitous in industrial and consumer applications, ranging from control systems in smart power grids to phone touch screens. Unfortunately, the cyber component of CPS may introduce attack vectors by which a bad actor can cause harm to the physical system. A famous example includes the Stuxnet computer worm which inflicted physical damage to Iranian nuclear centrifuges. A cyber-physical mitigation strategy against CPS attacks is actuation limits. Actuation limits are constraints intentionally imposed on the actuators of a CPS to mitigate actuation behaviors which lead to dangerous states. Actuation limits, while able to constrain an attacker, may introduce performance penalties. In this research, a framework is presented which scores actuation limit schemes on their attack resilience and performance integrity. Attack resilience is measured by subjecting the CPS to a battery of cyber-physical attacks and observing if actuation limits were successful in mitigation. Performance integrity is measured by comparing the performance of the CPS with and without actuation limits. An algorithm to combine actuation limit schemes to yield an amalgam scheme with improved scores is presented. Actuation limits for a simulated ship autopilot are scored to demonstrate the utility of the framework. Low scores were observed in two general cases.
Overly constraining actuation limits scored poorly in attack resilience and performance integrity as the required operating behaviors were compromised by the limits. Overly broad actuation limits preserved performance integrity yet did not sufficiently constrain an attacker and exhibited poor attack resilience. Amalgam schemes demonstrated high scores overall by only constraining the CPS in high risk states. The results of the research indicate the proposed framework can be a useful tool in evaluating the effectiveness of actuation limits as an attack mitigation strategy in CPS.

Anomaly Detection Models for Smart Home Security (IEEE, 2019-08-29)
Ramapatruni, Sowmya; Narayanan, Sandeep Nair; Mittal, Sudip; Joshi, Anupam; Joshi, Karuna
Recent years have seen significant growth in the adoption of smart home devices. These devices provide convenience, security, and energy efficiency to users. For example, smart security cameras can detect unauthorized movements, and smoke sensors can detect potential fire accidents. However, many recent examples have shown that they open up a new cyber threat surface. There have been several recent examples of smart devices being hacked for privacy violations and also misused so as to perform DDoS attacks. In this paper, we explore the application of big data and machine learning to identify anomalous activities that can occur in a smart home environment. A Hidden Markov Model (HMM) is trained on network level sensor data, created from a test bed with multiple sensors and smart devices. The generated HMM model is shown to achieve an accuracy of 97% in identifying potential anomalies that indicate attacks.
We present our approach to build this model and compare with other techniques available in the literature.

ATM: Automated Trust Management for Mobile Ad-hoc Networks Using Support Vector Machine (IEEE, 2011-06-06)
Li, Wenjia; Joshi, Anupam; Finin, Tim
Mobile Ad-hoc NETworks (MANETs) are extremely susceptible to various misbehaviors and a variety of trust management schemes have been proposed to detect and mitigate them. Most schemes rely on a set of pre-defined weights to determine how the extent of each misbehavior is used to evaluate the trustworthiness. However, due to the extremely dynamic nature of MANETs, it is not possible to determine a set of weights that are appropriate for all contexts. In this paper, an Automated Trust Management (ATM) system is described for MANETs that uses a support vector machine classifier to detect malicious MANET nodes. The ATM scheme is resilient to attempts by a malicious MANET node to hide its nature by varying its misbehavior patterns over time. The performance of the ATM scheme is evaluated via an extensive simulation study and compared with existing approaches.

CARE-CPS: Context-Aware tRust Evaluation for Wireless Networks in Cyber-Physical System Using Policies (IEEE, 2011-06-06)
Li, Wenjia; Jagtap, Pramod; Zavala, Laura; Joshi, Anupam; Finin, Tim
A Cyber-Physical System (CPS) involves a tight coupling between the physical and computational elements. Security is a key challenge for the deployment of CPS. Therefore, it is highly desirable to extract correct information from a large volume of noisy data and properly evaluate the reputation of reporting devices in CPS. In this paper, we propose a Context-Aware tRust Evaluation scheme for wireless networks in CPS (CARE-CPS), and a set of policy rules are declared to accurately describe how we determine the reputation of each reporting device based on these factors.
To validate the CARE-CPS scheme, we have conducted experiments in terms of both simulation and real deployment on smart phones. Experimental results show that the CARE-CPS scheme can properly evaluate the trustworthiness of the report devices in CPS.

Click to Enter: Comparing Graphical and Textual Passwords for Children (2017 Conference on Interaction Design and Children, 2017-06)
Cole, Jasper; Walsh, Greg; Pease, Zachary
This work outlines a study comparing graphical and textual passwords. A study was conducted with 13 children between the ages of six and twelve years old. These participants created their own textual and graphical passwords for fictional Web sites and after two weeks, participants returned and attempted to recall the usernames and passwords that they created. Our preliminary results showed that graphical passwords had a lower success rate and participants were less likely to access their accounts when using graphical passwords. Whether using graphical or textual passwords, children succeeded with generalities, but struggled with specifics.

A Delegation Based Model for Distributed Trust (2001-08-01)
Kagal, Lalana; Finin, Timothy; Peng, Yun
In this paper we outline an infrastructure that facilitates security and trust management in a multi-agent system. Our model eases the problem of authorization in a network of heterogeneous agents and also contains mechanisms for delegation of authorization information. The framework allows agents to exchange trust information using a series of Interaction Protocols based on FIPA (Foundation for Intelligent Physical Agents) Interaction Protocols (FIPA 1998). It decentralizes security decisions, enabling more than one agent to be responsible for the validation of requests or for the delegation of permissions. It is very flexible and encourages mobility because the process of requesting services and granting access is divided into two independent steps.
This allows an agent to disconnect after the first step and reconnect elsewhere to continue the process of securing the service. The model also uses a policy based approach, to specify rules for authorization and delegation, and a distributed knowledge base, that contains information about the interacting agents. We describe an implemented system that incorporates our framework using X.509 certificates and a Prolog knowledge base.

Detecting Data Exfiltration by Integrating Information Across Layers (IEEE, 2013-08-14)
Sharma, Puneet; Joshi, Anupam; Finin, Tim
Data exfiltration is the unauthorized leakage of confidential data from a system. Unlike intrusions that seek to overtly disable or damage a system, it is particularly hard to detect because it uses a variety of low/slow vectors and advanced persistent threats (APTs). It is often assisted (intentionally or not) by an insider who might be an employee who downloads a trojan or uses a hardware component that has been tampered with or acquired from an unreliable source. Conventional scan and test based detection approaches work poorly, especially for hardware with embedded trojans. We describe a framework to detect potential exfiltration events that actively monitors a set of key parameters that cover the entire stack, from hardware to the application layer. An attack alert is generated only if several monitors detect suspicious activity within a short temporal window. The cross-layer monitoring and integration helps ensure accurate alerts with fewer false positives and makes designing a successful attack more difficult.

Developing a Forensics Tool for Social Media (2014 SouthEast Regional Conference, 2014-03)
Ketel, Mohammed; Casser, Theodore
Millions of users around the world utilize social media sites on any given day, spreading information about their activities, whereabouts and thoughts to friends and interested readers.
These same messages can be used to construct a digital and physical path that can be extracted for forensic analysis through application programming interfaces provided by each of the social media outlets. While there has been recent work discussing the spread of social media as a means of tracking news and trends in the world at large, little has been done to study a means to analyze the data available through social media using forensic methods. To fill this gap, an application has been created that can retrieve data created by users via social media applications and allow analysis of the same.

Extracting Information about Security Vulnerabilities from Web Text (IEEE, 2011-08-22)
Mulwad, Varish; Li, Wenjia; Joshi, Anupam; Finin, Tim; Viswanathan, Krishnamurthy
The Web is an important source of information about computer security threats, vulnerabilities and cyber-attacks. We present initial work on developing a framework to detect and extract information about vulnerabilities and attacks from Web text. Our prototype system uses Wikitology, a general purpose knowledge base derived from Wikipedia, to extract concepts that describe specific vulnerabilities and attacks, map them to related concepts from DBpedia and generate machine understandable assertions. Such a framework will be useful in adding structure to already existing vulnerability descriptions as well as detecting new ones. We evaluate our approach against vulnerability descriptions from the National Vulnerability Database. Our results suggest that it can be useful in monitoring streams of text from social media or chat rooms to identify potential new attacks and vulnerabilities or to collect data on the spread and volume of existing ones.

A Framework for Distributed Trust Management (2001)
Kagal, Lalana; Cost, Scott; Finin, Timothy; Peng, Yun
This paper discusses our infrastructure for handling distributed security and trust.
It outlines a method for access control across domains that handles complex inter domain trust relationships. We have developed a flexible representation of trust information in Prolog, that can model permissions and delegations. We are currently working on modeling obligations, entitlements, and prohibitions as well. This paper describes a scheme for restricting re-delegation without using a specific delegation depth. Using examples, this paper explains the internal working of our system and the trust information that flows within it.

Giáo sư Mỹ: Cần công khai những sai trái của Trung Quốc ở Biển Đông [American professor: China's wrongdoing in the South China Sea needs to be made public] (VCCI, 2019-11-12)
Short, John Rennie
According to Ambassador Short, Vietnam needs to continue to promote the dissemination of the correct view in handling the South China Sea issue around the world: “China is a country with considerable influence and can easily apply the country's views regionally and around the world. Therefore, Vietnam needs through scientific seminars and forums to express its views against China's wrongdoing. Vietnam needs to especially uphold resolving the remaining issues in the South China Sea by upholding the rule of law to counter China's unilateral and illegal actions in the region.”

Graph-Based Intrusion Detection System for Controller Area Networks (IEEE)
Islam, Riadul; Refat, Rafi Ud Daula; Yerram, Sai Manikanta; Malik, Hafiz
The controller area network (CAN) is the most widely used intra-vehicular communication network in the automotive industry. Because of its simplicity in design, it lacks most of the requirements needed for a security-proven communication protocol. However, a safe and secured environment is imperative for autonomous as well as connected vehicles. Therefore CAN security is considered one of the important topics in the automotive research community.
In this paper, we propose a four-stage intrusion detection system that uses the chi-squared method and can detect any kind of strong and weak cyber attacks in a CAN. This work is the first-ever graph-based defense system proposed for the CAN. Our experimental results show that we have a very low 5.26% misclassification for denial of service (DoS) attack, 10% misclassification for fuzzy attack, 4.76% misclassification for replay attack, and no misclassification for spoofing attack. In addition, the proposed methodology exhibits up to 13.73% better accuracy compared to existing ID sequence-based methods.

I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights (Association for Computing Machinery, 2021-11-15)
Wang, Wei; Yao, Yao; Liu, Xin; Li, Xiang; Hao, Pei; Zhu, Ting
The camera is one of the most important sensors for an autonomous vehicle (AV) to perform Environment Perception and Simultaneous Localization and Mapping (SLAM). To secure the camera, current autonomous vehicles not only utilize the data gathered from multiple sensors (e.g., Camera, Ultrasonic Sensor, Radar, or LiDAR) for environment perception and SLAM but also require the human driver to always realize the driving situation, which can effectively defend against previous attack approaches (i.e., creating visible fake objects or introducing perturbations to the camera by using advanced deep learning techniques). Different from their work, in this paper, we in-depth investigate the features of Infrared light and introduce a new security challenge called I-Can-See-the-Light-Attack (ICSL Attack) that can alter environment perception results and introduce SLAM errors to the AV. Specifically, we found that the invisible infrared lights (IR light) can successfully trigger the image sensor while human eyes cannot perceive IR lights.
Moreover, the IR light appears magenta color in the camera, which triggers different pixels from the ambient visible light and can be selected as key points during the AV's SLAM process. By leveraging these features, we explore to i) generate invisible traffic lights, ii) create fake invisible objects, iii) ruin the in-car user experience, and iv) introduce SLAM errors to the AV. We implement the ICSL Attack by using off-the-shelf IR light sources and conduct an extensive evaluation on Tesla Model 3 and an enterprise-level autonomous driving platform under various environments and settings. We demonstrate the effectiveness of the ICSL Attack and prove that current autonomous vehicle companies have not yet considered the ICSL Attack, which introduces severe security issues. To secure the AV, by exploring unique features of the IR light, we propose a software-based detection module to defend against the ICSL Attack.

Information Integration and Analysis: A Semantic Approach to Privacy (IEEE, 2011-10-09)
Oberoi, Madan; Jagtap, Pramod; Joshi, Anupam; Finin, Tim; Kagal, Lalana
The balance between privacy and security concerns is a hotly debated topic, especially as government (and private) entities are able to gather and analyze data from several disparate sources with ease. This ability to do large scale analytics of publicly accessible data leads to significant privacy concerns. In particular, for the government, there is the fear of a fishing expedition against individuals. The model in this paper describes a way to address these concerns in a multi-user and multi-database owner environment. The model provides an assurance system where database owners are able to test and audit the assurances given by users thereby increasing the trust in the system. The concept of segregating data used for processing from data needed for final end use and providing different levels of access to them through a mediator machine has been used.
The audit component consisting of a justification mechanism increases the trust in the system.

A Knowledge-Based Approach To Intrusion Detection Modeling (IEEE, 2012-05-24)
More, Sumit; Mathews, M. Lisa; Joshi, Anupam; Finin, Tim
Current state of the art intrusion detection and prevention systems (IDPS) are signature-based systems that detect threats and vulnerabilities by cross-referencing the threat or vulnerability signatures in their databases. These systems are incapable of taking advantage of heterogeneous data sources for analysis of system activities for threat detection. This work presents a situation-aware intrusion detection model that integrates these heterogeneous data sources and builds a semantically rich knowledge-base to detect cyber threats/vulnerabilities.

Multilingual Text Alignment (2019-01-01)
Ranade, Priyanka; Joshi, Karuna P; Joshi, Anupam; Information Systems; Information Systems
Cybersecurity threats, exploits, and intelligence sources have evolved to be largely cross-regional over the course of time. Although the security community perpetually addresses this topic, its scope is continually stretching and introducing new areas of study. Particularly, an area of research that is relevant but heavily under-explored, is the use of multilingual open source intelligence in cyber operations. Open Source Intelligence (OSINT) in the form of text is scattered across major criminal networks, and is highly multilingual in nature. By aligning multilingual sources, the security community can tap into new pools of intelligence. Language alignment can be achieved through the use of neural machine translation (NMT) systems. This thesis explores supervised and unsupervised methods in aligning multilingual open source intelligence sources without the use of third party engines. Although third party engines are growing stronger, they are unsuited for private security environments.
First, sensitive intelligence is not a permitted input to third party engines due to privacy and confidentiality policies. In addition, third party engines produce generalized translations that tend to lack exclusive cyber security terminology, which could be integral in attack discovery. We address these issues and describe our system that enables threat intelligence understanding across unfamiliar languages. We create monolingual and multilingual word embeddings from open source intelligence data in two distinct languages, and derive a bilingual dictionary through both supervised and unsupervised methods. We then create a neural network based system that takes in cybersecurity data in a different language and outputs the respective English translation. We evaluate with traditional approaches, and through experimental applications.

On Web, Semantics, and Data Mining: Intrusion Detection as a Case Study (2003-05-01)
Joshi, Anupam; Undercoffer, Jeffrey
We examine the intersection of data mining and semantic web in this paper. We briefly identify some points where they can impact one another, and then develop a specific example of intrusion detection, an application of distributed data mining. We have produced an ontology specifying a model of computer attacks. Our model is based upon an analysis of over 4,000 classes of computer attacks and their corresponding attack strategies using data derived from CERT/CC advisories and NIST’s ICAT meta-base. We present our attack model first as a taxonomy and convert it to a target-centric ontology that will be refined and expanded over time. We state the benefits of forgoing dependence upon taxonomies for the classification of computer attacks and intrusions, in favor of ontologies.
We illustrate the benefits of utilizing an ontology by comparing a use case scenario of our ontology and the IETF’s Intrusion Detection Exchange Message Format Data Model.

On-Chip Voltage and Temperature Digital Sensor for Security, Reliability, and Portability (2020-10-04)
Anik, Md Toufiq Hasan; Ebrahimabadi, Mohammad; Pirsiavash, Hamed; Karimi, Naghmeh; Danger, Jean-Luc; Guilley, Sylvain

Outlier Detection in Ad Hoc Networks Using Dempster-Shafer Theory (IEEE, 2009-05-18)
Li, Wenjia; Joshi, Anupam
Mobile Ad-hoc NETworks (MANETs) are known to be vulnerable to a variety of attacks due to lack of central authority or fixed network infrastructure. Many security schemes have been proposed to identify misbehaving nodes. Most of these security schemes rely on either a predefined threshold, or a set of well-defined training data to build up the detection mechanism before effectively identifying the malicious peers. However, it is generally difficult to set appropriate thresholds, and collecting training datasets representative of an attack ahead of time is also problematic. We observe that the malicious peers generally demonstrate behavioral patterns different from all the other normal peers, and argue that outlier detection techniques can be used to detect malicious peers in ad hoc networks. A problem with this approach is combining evidence from potentially untrustworthy peers to detect the outliers. In this paper, an outlier detection algorithm is proposed that applies the Dempster-Shafer theory to combine observation results from multiple nodes because it can appropriately reflect uncertainty as well as unreliability of the observations. The simulation results show that the proposed scheme is highly resilient to attackers and it can converge stably to a common outlier view amongst distributed nodes with a limited communication overhead.