276 research outputs found
Advances in Information Security and Privacy
With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue
How to Design and Deliver Courses for Higher Education in the AI Era: Insights from Exam Data Analysis
In this position paper, we advocate for the idea that courses and exams in
the AI era have to be designed based on two factors: (1) the strengths and
limitations of AI, and (2) the pedagogical educational objectives. Based on
insights from the Delors report on education [1], we first address the role of
education and recall the main objectives that educational institutes must
strive to achieve independently of any technology. We then explore the
strengths and limitations of AI, based on current advances in AI. We explain
how courses and exams can be designed based on these strengths and limitations
of AI, providing different examples in the IT, English, and Art domains. We
show how we adopted a pedagogical approach that is inspired from the Socratic
teaching method from January 2023 to May 2023. Then, we present the data
analysis results of seven ChatGPT-authorized exams conducted between December
2022 and March 2023. Our exam data results show that there is no correlation
between students' grades and whether or not they use ChatGPT to answer their
exam questions. Finally, we present a new exam system that allows us to apply
our pedagogical approach in the AI era
Detection of HTTPS brute-force attacks in high-speed computer networks
Tato práce pĹ™edstavuje pĹ™ehled metod pro detekci sĂĹĄovĂ˝ch hrozeb se zaměřenĂm na Ăştoky hrubou silou proti webovĂ˝m aplikacĂm, jako jsou WordPress a Joomla. Byl vytvoĹ™en novĂ˝ dataset, kterĂ˝ se skládá z provozu zachycenĂ©ho na páteĹ™nĂ sĂti a ĂştokĹŻ generovanĂ˝ch pomocĂ open-source nástrojĹŻ. Práce pĹ™inášà novou metodu pro detekci Ăştoku hrubou silou, která je zaloĹľena na charakteristikách jednotlivĂ˝ch paketĹŻ a pouĹľĂvá modernĂ metody strojovĂ©ho uÄŤenĂ. Metoda funguje s šifrovanou HTTPS komunikacĂ, a to bez nutnosti dešifrovánĂ jednotlivĂ˝ch paketĹŻ. Stále vĂce webovĂ˝ch aplikacĂ pouĹľĂvá HTTPS pro zabezpeÄŤenĂ komunikace, a proto je nezbytnĂ© aktualizovat detekÄŤnĂ metody, aby byla zachována základnĂ viditelnost do sĂĹĄovĂ©ho provozu.This thesis presents a review of flow-based network threat detection, with the focus on brute-force attacks against popular web applications, such as WordPress and Joomla. A new dataset was created that consists of benign backbone network traffic and brute-force attacks generated with open-source attack tools. The thesis proposes a method for brute-force attack detection that is based on packet-level characteristics and uses modern machine-learning models. Also, it works with encrypted HTTPS traffic, even without decrypting the payload. More and more network traffic is being encrypted, and it is crucial to update our intrusion detection methods to maintain at least some level of network visibility
A Distributed Ledger based infrastructure for Intelligent Transportation Systems
Intelligent Transportation Systems (ITS) are proposed as an efficient way to improve performances in transportation systems applying information, communication, and sensor technologies to vehicles and transportation infrastructures. The great amount of vehicles produced data, indeed, can potentially lead to a revolution in ITS development, making them more powerful multifunctional systems. To this purpose, the use of Vehicular Ad-hoc Networks (VANETs) can provide comfort and security to drivers through reliable communications. Meanwhile, distributed ledgers have emerged in recent years radically evolving the way that we used to consider finance, trust in communication and even renewing the concept of data sharing and allowing to establish autonomous, secured, trusted and decentralized systems. In this work an ITS infrastructure based on the combination of different emerging Distributed Ledger Technologies (DLTs) and VANETs is proposed, resulting in a transparent, self-managed and self-regulated system, that is not fully managed by a central authority. The intended design is focused on the user ability to use any type of DLT-based application and to transact using Smart Contracts, but also on the access control and verification over user’s vehicle produced data. Users "smart" transactions are achieved thanks to the Ethereum blockchain, widely used for distributed trusted computation, whilst data sharing and data access is possible thanks to the use of IOTA, a DLT fully designed to operate in the Internet of Things landscape, and IPFS, a protocol and a network that allows to work in a distributed file system. The aim of this thesis is to create a ready-to-work infrastructure based on the hypothesis that every user in the ITS must be able to participate. To evaluate the proposal, an infrastructure implementation is used in different real world use cases, common in Smart Cities and related to the ITS, and performance measurements are carried out for DLTs used
IDENTIFICATION OF USERS VIA SSH TIMING ATTACK
Secure Shell, a tool to securely access and run programs on a remote machine, is an important tool for both system administrators and developers alike. The technology landscape is becoming increasingly distributed and reliant on tools such as Secure Shell to protect information as a user works on a system remotely. While Secure Shell accounts for the abuses the security of older tools such as telnet overlook, it still has fundamental vulnerabilities which leak information about both the user and their activities through timing attacks. The OpenSSH client, the implementation included in all Linux, Mac, and Windows computers, sends each keystroke entered to the server as soon as it becomes available. As a result, an attacker can observe the network patterns to know when a user presses a key and draw conclusions based on that information such as what a user is typing or who they are. In this thesis, we demonstrate that such an attack allows a malicious observer to identify a user with a concerning level of accuracy without having direct access to either the client or server systems. Using machine learning classifiers, we identify individual users in a crowd based solely on the size and timing of packets traveling across the network. We find that our classifiers were able to identify users with 20\% accuracy using as little as one hour of network traffic. Two of them promise to scale well to the number of users
- …