    HyMo: Vulnerability Detection in Smart Contracts using a Novel Multi-Modal Hybrid Model

    With blockchain technology rapidly progressing, smart contracts have become a common tool in a number of industries including finance, healthcare, insurance and gaming. The number of smart contracts has multiplied, and at the same time, the security of smart contracts has drawn considerable attention due to the monetary losses brought on by smart contract vulnerabilities. Existing analysis techniques are capable of identifying a large number of smart contract security flaws, but they rely too much on rigid criteria established by specialists, and the detection process takes much longer as the complexity of the smart contract rises. In this paper, we propose HyMo, a multi-modal hybrid deep learning model, which intelligently considers various input representations to account for multimodality and combines the FastText word embedding technique, which represents each word as an n-gram of characters, with the BiGRU deep learning technique, a sequence processing model that consists of two GRUs, to achieve higher accuracy in smart contract vulnerability detection. The model gathers features using various deep learning models to identify the smart contract vulnerabilities. Through a series of studies on currently publicly accessible datasets such as ScrawlD, we show that our hybrid HyMo model has excellent smart contract vulnerability detection performance. Therefore, HyMo performs better detection of smart contract vulnerabilities than other approaches.

    Creating Synthetic Attacks with Evolutionary Algorithms for Proactive Defense of Industrial Control Systems

    Industrial control systems (ICS) play an important role in critical infrastructure. Cybersecurity defenders can use honeypots (decoy systems) to capture and study malicious ICS traffic. A problem with existing ICS honeypots is their low interactivity, causing intruders to quickly abandon the attack attempts. This research aims to improve ICS honeypots by feeding them realistic artificially generated packets and examining their behavior to proactively identify functional gaps in defenses. Our synthetic attack generator (SAGO) uses an evolutionary algorithm on known attack traffic to create new variants of Log4j exploits (CVE-2021-44228) and Industroyer2 malware. We tested over 5,200 and 256 unique Log4j and IEC 104 variations respectively, with success rates up to 70 percent for Log4j and 40 percent for IEC 104. We identified improvements to our honeypot’s interactivity based on its responses to these attacks. Our technique can aid defenders in hardening perimeter protection against new attack variants.

    Security of Cyber-Physical Systems

    Cyber-physical system (CPS) innovations, in conjunction with their sibling computational and technological advancements, have positively impacted our society, leading to the establishment of new horizons of service excellence in a variety of applicational fields. With the rapid increase in the application of CPSs in safety-critical infrastructures, their safety and security are the top priorities of next-generation designs. The extent of potential consequences of CPS insecurity is large enough to ensure that CPS security is one of the core elements of the CPS research agenda. Faults, failures, and cyber-physical attacks lead to variations in the dynamics of CPSs and cause the instability and malfunction of normal operations. This reprint discusses the existing vulnerabilities and focuses on detection, prevention, and compensation techniques to improve the security of safety-critical systems.

    Fingerprinting Vulnerabilities in Intelligent Electronic Device Firmware

    Modern smart grid deployments heavily rely on the advanced capabilities that Intelligent Electronic Devices (IEDs) provide. Furthermore, these devices' firmware often contains critical vulnerabilities that, if exploited, could cause large impacts on national economic security and national safety. As such, a scalable domain-specific approach is required in order to assess the security of IED firmware. In order to resolve this lack of an appropriate methodology, we present a scalable vulnerable function identification framework. It is specifically designed to analyze IED firmware and binaries that employ the ARM CPU architecture. Its core functionality revolves around a multi-stage detection methodology that is specifically designed to resolve the lack of specialization that limits other general-purpose approaches. This is achieved by compiling an extensive database of IED-specific vulnerabilities and domain-specific firmware that is evaluated. Its analysis approach is composed of three stages that leverage function syntactic, semantic, structural and statistical features in order to identify vulnerabilities. As such, it (i) first filters out dissimilar functions based on a group of heterogeneous features, (ii) then further filters out dissimilar functions based on their execution paths, and (iii) finally identifies candidate functions based on fuzzy graph matching. In order to validate our methodology's capabilities, it is implemented as a binary analysis framework entitled BinArm. The resulting algorithm is then put through a rigorous set of evaluations that demonstrate its capabilities. These include the capability to identify vulnerabilities within a given IED firmware image with a total accuracy of 0.92.

    Comparison of Ethereum Smart Contract Vulnerability Detection Tools

    The thesis aims to reflect on the technical aspects of Blockchain and Ethereum Smart Contract vulnerabilities. The thesis provides an in-depth overview of blockchain technologies, focused on Bitcoin and Ethereum, needed to understand vulnerabilities in blockchain. The application of cryptographic functions and consensus algorithms is explained, and Blockchain security vulnerabilities are presented. A summary of public and private blockchains is given, showing how these differ from each other and what the use cases for these various blockchain applications are. Ethereum Smart Contracts are introduced and explained. The vulnerabilities present in smart contracts are researched empirically. The second half of the thesis is focused on finding security flaws and vulnerabilities in Ethereum Smart Contracts. The attack vectors that are possible, cyber-attacks which have already happened, and how they can be mitigated, if found, are presented. Analysis and comparison of popular Ethereum Smart Contract vulnerability detection tools has been empirically studied using an automated tool called SmartBugs, and the results are presented.

    SoK: Security of Programmable Logic Controllers

    Billions of people rely on essential utility and manufacturing infrastructures such as water treatment plants, energy management, and food production. Our dependence on reliable infrastructures makes them valuable targets for cyberattacks. One of the prime targets for adversaries attacking physical infrastructures is Programmable Logic Controllers (PLCs) because they connect the cyber and physical worlds. In this study, we conduct the first comprehensive systematization of knowledge that explores the security of PLCs: We present an in-depth analysis of PLC attacks and defenses and discover trends in the security of PLCs from the last 17 years of research. We introduce a novel threat taxonomy for PLCs and Industrial Control Systems (ICS). Finally, we identify and point out research gaps that, if left ignored, could lead to new catastrophic attacks against critical infrastructures. Comment: 25 pages, 13 figures, Extended version February 2024, A shortened version is to be published in the 33rd USENIX Security Symposium, for more information, see https://efrenlopez.org

    Implementation of Port Knocking with Telegram Notifications to Protect Against Scanner Vulnerabilities

    The opening of the service port on the Mikrotik router provides an opening for hackers to enter the Mikrotik service to access the router illegally. This research aimed to close certain ports that are gaps for hackers, using port knocking and Telegram bots. The Telegram bot was used as a message notification to managers in real time to provide information on what occurs when the vulnerability scanning process is carried out to find and map weaknesses in the network system. Searching for weaknesses also includes looking for open router service ports such as ports 22, 23, 80, and 8291. This research used the Network Development Life Cycle method, which started from analysis, design, and prototype simulation through to implementation. The research results after testing were able to secure local network service ports against vulnerability scanners on routers using the port knocking method, and the attack schemes tested could each run well on the router’s local network and deliver notifications via Telegram bots in real time to administrators. This research contributes to administrators’ ability to secure networks so irresponsible people do not easily infiltrate them.