Graph Mining for Cybersecurity: A Survey
The explosive growth of cyber attacks, such as malware, spam, and
intrusions, has caused severe consequences for society. Securing cyberspace has
become an utmost concern for organizations and governments. Traditional Machine
Learning (ML) based methods are extensively used in detecting cyber threats,
but they hardly model the correlations between real-world cyber entities. In
recent years, with the proliferation of graph mining techniques, many
researchers investigated these techniques for capturing correlations between
cyber entities and achieving high performance. It is imperative to summarize
existing graph-based cybersecurity solutions to provide a guide for future
studies. Therefore, as a key contribution of this paper, we provide a
comprehensive review of graph mining for cybersecurity, including an overview
of cybersecurity tasks, the typical graph mining techniques, and the general
process of applying them to cybersecurity, as well as various solutions for
different cybersecurity tasks. For each task, we probe into relevant methods
and highlight the graph types, graph approaches, and task levels in their
modeling. Furthermore, we collect open datasets and toolkits for graph-based
cybersecurity. Finally, we outline the potential directions of this field for
future research.
On the Activity Privacy of Blockchain for IoT
Security is one of the fundamental challenges in the Internet of Things (IoT)
due to the heterogeneity and resource constraints of the IoT devices. Device
classification methods are employed to enhance the security of IoT by detecting
unregistered devices or traffic patterns. In recent years, blockchain has
received tremendous attention as a distributed trustless platform to enhance
the security of IoT. Conventional device identification methods are not
directly applicable in blockchain-based IoT as network layer packets are not
stored in the blockchain. Moreover, the transactions are broadcast and thus
have no destination IP address and contain a public key as the user identity,
and are stored permanently in blockchain which can be read by any entity in the
network. We show that device identification in blockchain introduces privacy
risks as the malicious nodes can identify users' activity pattern by analyzing
the temporal pattern of their transactions in the blockchain. We study the
likelihood of classifying IoT devices by analyzing their information stored in
the blockchain, which to the best of our knowledge, is the first work of its
kind. We use a smart home as a representative IoT scenario. First, a blockchain
is populated according to a real-world smart home traffic dataset. We then
apply machine learning algorithms on the data stored in the blockchain to
analyze the success rate of device classification, modeling both an informed
and a blind attacker. Our results demonstrate success rates over 90% in
classifying devices. We propose three timestamp obfuscation methods, namely
combining multiple packets into a single transaction, merging ledgers of
multiple devices, and randomly delaying transactions, to reduce the success
rate in classifying devices. The proposed timestamp obfuscation methods can
reduce the classification success rates to as low as 20%.
Applications of Repeated Games in Wireless Networks: A Survey
A repeated game is an effective tool to model interactions and conflicts for
players aiming to achieve their objectives on a long-term basis. Contrary to
static noncooperative games that model an interaction among players in only one
period, in repeated games, interactions of players repeat for multiple periods;
and thus the players become aware of other players' past behaviors and their
future benefits, and will adapt their behavior accordingly. In wireless
networks, conflicts among wireless nodes can lead to selfish behaviors,
resulting in poor network performances and detrimental individual payoffs. In
this paper, we survey the applications of repeated games in different wireless
networks. The main goal is to demonstrate the use of repeated games to
encourage wireless nodes to cooperate, thereby improving network performances
and avoiding network disruption due to selfish behaviors. Furthermore, various
problems in wireless networks and variations of repeated game models together
with the corresponding solutions are discussed in this survey. Finally, we
outline some open issues and future research directions.
Comment: 32 pages, 15 figures, 5 tables, 168 reference
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber
defense. In this paper, we review representative techniques in honeypots,
honeytokens, and moving target defense, spanning from the late 1980s to the
year 2021. Techniques from these three domains complement each other and
may be leveraged to build a holistic deception based defense. However, to the
best of our knowledge, there has not been a work that provides a systematic
retrospect of these three domains all together and investigates their
integrated usage for orchestrated deceptions. Our paper aims to fill this gap.
By utilizing a tailored cyber kill chain model which can reflect the current
threat landscape and a four-layer deception stack, a two-dimensional taxonomy
is developed, based on which the deception techniques are classified. The
taxonomy answers which phases of a cyber attack campaign the
techniques can disrupt and which layers of the deception stack they belong to.
Cyber defenders may use the taxonomy as a reference to design an organized and
comprehensive deception plan, or to prioritize deception efforts for a budget
conscious solution. We also discuss two important points for achieving active
and resilient cyber defense, namely deception in depth and deception lifecycle,
where several notable proposals are illustrated. Finally, some outlooks on
future research directions are presented, including dynamic integration of
different deception techniques, quantified deception effects and deception
operation cost, hardware-supported deception techniques, as well as techniques
developed based on better understanding of the human element.
Comment: 19 page
An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations
With the expansion of wireless sensor networks (WSNs), the need for securing
the data flow through these networks is increasing. These sensor networks allow
for easy-to-apply and flexible installations which have enabled them to be used
for numerous applications. Due to these properties, they face distinct
information security threats. Security of the data flowing across these
networks provides the researchers with an interesting and intriguing potential
for research. Design of these networks to ensure the protection of data faces
the constraints of limited power and processing resources. We provide the
basics of wireless sensor network security to help the researchers and
engineers to better understand this application field. In this chapter,
we will provide the basics of information security with special emphasis on
WSNs. The chapter will also give an overview of the information security
requirements in these networks. Threats to the security of data in WSNs and
some of their countermeasures are also presented.
Design Models for Trusted Communications in Vehicle-to-Everything (V2X) Networks
Intelligent transportation system is one of the main systems which has been developed to achieve safe traffic and efficient transportation. It enables the road entities to establish connections with other road entities and infrastructure units using Vehicle-to-Everything (V2X) communications. To improve the driving experience, various applications are implemented to allow road entities to share information among each other. Then, based on the received information, the road entity can make its own decision regarding road safety and guide the driver. However, when these packets are dropped for any reason, it could lead to inaccurate decisions due to a lack of sufficient information. Therefore, the packets should be sent through trusted communication. Trusted communication includes a trusted link and a trusted road entity. Before sending packets, the road entity should assess the link quality and choose the trusted link to ensure packet delivery. Also, evaluating the behavior of neighboring nodes is essential to obtain trusted communications because some misbehaving nodes may drop the received packets.
As a consequence, two main models are designed to achieve trusted V2X communications. First, a multi-metric Quality of Service (QoS)-balancing relay selection algorithm is proposed to elect the trusted link. Analytic Hierarchy Process (AHP) is applied to evaluate the link based on three metrics, which are channel capacity, link stability and end-to-end delay. Second, a recommendation-based trust model is designed for V2X communication to exclude misbehaving nodes. Based on a comparison between trust-based methods, weighted-sum is chosen in the proposed model. The proposed methods ensure trusted communications by reducing the Packet Dropping Rate (PDR) and increasing the end-to-end packet delivery ratio. In addition, the proposed trust model achieves a very low False Negative Rate (FNR) in comparison with an existing model.