15 research outputs found

    Negotiating Internet Governance

    Get PDF
    What is at stake for how the Internet continues to evolve is the preservation of its integrity as a single network. In practice, its governance is neither centralised nor unitary; it is piecemeal and fragmented, with authoritative decision-making coming from different sources simultaneously: governments, businesses, international organisations, technical and academic experts, and civil society. Historically, the conditions for their interaction were rarely defined beyond basic technical coordination, due at first to the academic freedom granted to the researchers developing the network and, later on, to the sheer impossibility of controlling mushrooming Internet initiatives. Today, the search for global norms and rules for the Internet continues, be it for cybersecurity or artificial intelligence, amid processes fostering the supremacy of national approaches or the vitality of a pluralist environment with various stakeholders represented. This book provides an incisive analysis of the emergence and evolution of global Internet governance, unpacking the complexity of more than 300 governance arrangements, influential debates and political negotiations over four decades. Highly accessible, this book breaks new ground through a wide empirical exploration and a new conceptual approach to governance enactment in global issue domains. A tripartite framework is employed for revealing power dynamics, relying on: a) an extensive database of mechanisms of governance for the Internet at the global and regional level; b) an in-depth analysis of the evolution of actors and priorities over time; and c) a key set of dominant practices observed in the Internet governance communities. It explains continuity and change in Internet-related negotiations, opening up new directions for thinking and acting in this field

    Detecting IoT Attacks Using an Ensemble Machine Learning Model

    Get PDF
    Malicious attacks are becoming more prevalent due to the growing use of Internet of Things (IoT) devices in homes, offices, transportation, healthcare, and other locations. By incorporating fog computing into IoT, attacks can be detected in a short amount of time, as the distance between IoT devices and fog devices is smaller than the distance between IoT devices and the cloud. Machine learning is frequently used for the detection of attacks due to the huge amount of data available from IoT devices. However, the problem is that fog devices may not have enough resources, such as processing power and memory, to detect attacks in a timely manner. This paper proposes an approach to offload the machine learning model selection task to the cloud and the real-time prediction task to the fog nodes. Using the proposed method, based on historical data, an ensemble machine learning model is built in the cloud, followed by the real-time detection of attacks on fog nodes. The proposed approach is tested using the NSL-KDD dataset. The results show the effectiveness of the proposed approach in terms of several performance measures, such as execution time, precision, recall, accuracy, and ROC (receiver operating characteristic) curve

    A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

    Get PDF
    Cybercrime against critical infrastructure such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mix methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises of hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management

    Detection of Abnormal SIP Signaling Patterns: A Deep Learning Comparison

    Get PDF
    UIDB/ 50008/2020This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. A sequence of SIP messages never observed before can indicate possible exploitation of a vulnerability and its detection or prediction is of high importance to avoid security attacks due to unknown abnormal SIP dialogs. The paper starts to briefly characterize the adopted dataset and introduces multiple definitions to detail how the deep learning-based approach is adopted to detect possible attacks. The proposed solution is based on a convolutional neural network capable of exploring the definition of an orthogonal space representing the SIP dialogs. The space is then used to train the neural network model to classify the type of SIP dialog according to a sequence of SIP packets prior observed. The classifier of unknown SIP dialogs relies on the statistical properties of the supervised learning of known SIP dialogs. Experimental results are presented to assess the solution in terms of SIP dialogs prediction, unknown SIP dialogs detection, and computational performance, demonstrating the usefulness of the proposed methodology to rapidly detect signaling-based attacks.publishersversionpublishe

    Towards a Blockchain Assisted Patient Owned System for Electronic Health Records

    Get PDF
    Security and privacy of patients’ data is a major concern in the healthcare industry. In this paper, we propose a system that activates robust security and privacy of patients’ medical records as well as enables interoperability and data exchange between the different healthcare providers. The work proposes the shift from patient’s electronic health records being managed and controlled by the healthcare industry to a patient-centric application where patients are in control of their data. The aim of this research is to build an Electronic Healthcare Record (EHR) system that is layered on the Ethereum blockchain platform and smart contract in order to eliminate the need for third-party systems. With this system, the healthcare provider can search for patient’s data and request the patients’ consent to access it. Patients manage their data which enables an expedited data exchange across EHR systems. Each patient’s data are stored on the peer-to-peer node ledger. The proposed patient-centric EHR platform is cross-platform compliant, as it can be accessed via personal computers and mobile devices and facilitates interoperability across healthcare providers as patients’ medical records are gathered from different healthcare providers and stored in a unified format. The proposed framework is tested on a private Ethereum network using Ganache. The results show the effectiveness of the system with respect to security, privacy, performance and interoperability

    Cyber Security and Critical Infrastructures

    Get PDF
    This book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial explaining current challenges, innovative solutions, real-world experiences including critical infrastructure, 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems, and a review of cloud, edge computing, and fog's security and privacy issues

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    Get PDF
    When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

    Cyberbullying in educational context

    Get PDF
    Kustenmacher and Seiwert (2004) explain a man’s inclination to resort to technology in his interaction with the environment and society. Thus, the solution to the negative consequences of Cyberbullying in a technologically dominated society is represented by technology as part of the technological paradox (Tugui, 2009), in which man has a dual role, both slave and master, in the interaction with it. In this respect, it is noted that, notably after 2010, there have been many attempts to involve artificial intelligence (AI) to recognize, identify, limit or avoid the manifestation of aggressive behaviours of the CBB type. For an overview of the use of artificial intelligence in solving various problems related to CBB, we extracted works from the Scopus database that respond to the criterion of the existence of the words “cyberbullying” and “artificial intelligence” in the Title, Keywords and Abstract. These articles were the subject of the content analysis of the title and, subsequently, only those that are identified as a solution in the process of recognizing, identifying, limiting or avoiding the manifestation of CBB were kept in the following Table where we have these data synthesized and organized by years
    corecore