174 research outputs found
Analysis of threats and security issues evaluation in mobile P2P networks
Technically, mobile P2P network system architecture can consider as a distributed architecture system (like a community), where the nodes or users can share all or some of their own software and hardware resources such as (applications store, processing time, storage, network bandwidth) with the other nodes (users) through Internet, and these resources can be accessible directly by the nodes in that system without the need of a central coordination node. The main structure of our proposed network architecture is that all the nodes are symmetric in their functions. In this work,
the security issues of mobile P2P network system architecture such as (web threats, attacks and encryption) will be discussed deeply and then we propose different approaches and we analysis and evaluation of these mobile P2P network security issues and submit some proposal solutions to resolve the related problems with threats and other different attacks since these threats and attacks will be serious issue as networks are growing up especially with mobility attribute in current P2P networks
Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies
The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet
protocols and networks lend themselves well to being exploited by criminals to
execute a large range of cybercrimes. The types of crimes aided by P2P
technology include copyright infringement, sharing of illicit images of
children, fraud, hacking/cracking, denial of service attacks and virus/malware
propagation through the use of a variety of worms, botnets, malware, viruses
and P2P file sharing. This project is focused on study of active P2P nodes
along with the analysis of the undocumented communication methods employed in
many of these large unstructured networks. This is achieved through the design
and implementation of an efficient P2P monitoring and crawling toolset. The
requirement for investigating P2P based systems is not limited to the more
obvious cybercrimes listed above, as many legitimate P2P based applications may
also be pertinent to a digital forensic investigation, e.g, voice over IP,
instant messaging, etc. Investigating these networks has become increasingly
difficult due to the broad range of network topologies and the ever increasing
and evolving range of P2P based applications. In this work we introduce the
Universal P2P Network Investigation Framework (UP2PNIF), a framework which
enables significantly faster and less labour intensive investigation of newly
discovered P2P networks through the exploitation of the commonalities in P2P
network functionality. In combination with a reference database of known
network characteristics, it is envisioned that any known P2P network can be
instantly investigated using the framework, which can intelligently determine
the best investigation methodology and greatly expedite the evidence gathering
process. A proof of concept tool was developed for conducting investigations on
the BitTorrent network.Comment: This is a thesis submitted in fulfilment of a PhD in Digital
Forensics and Cybercrime Investigation in the School of Computer Science,
University College Dublin in October 201
Security Attacks and Countermeasures in Smart Homes
The Internet of Things (IoT) application is visible in all aspects of humans’ day-to-day affairs. The demand for IoT is growing at an unprecedented rate, from wearable wristwatches to autopilot cars. The smart home has also seen significant advancements to improve the quality of lifestyle. However, the security and privacy of IoT devices have become primary concerns as data is shared among intelligent devices and over the internet in a smart home network. There are several attacks - node capturing attack, sniffing attack, malware attack, boot phase attack, etc., which are conducted by adversaries to breach the security of smart homes. The security breach has a negative impact on the tenants\u27 privacy and prevents the availability of smart home services. This article presents smart homes\u27 most common security attacks and mitigation techniques
Collusion in Peer-to-Peer Systems
Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field
Alignment is not sufficient to prevent large language models from generating harmful information: A psychoanalytic perspective
Large Language Models (LLMs) are central to a multitude of applications but
struggle with significant risks, notably in generating harmful content and
biases. Drawing an analogy to the human psyche's conflict between evolutionary
survival instincts and societal norm adherence elucidated in Freud's
psychoanalysis theory, we argue that LLMs suffer a similar fundamental
conflict, arising between their inherent desire for syntactic and semantic
continuity, established during the pre-training phase, and the post-training
alignment with human values. This conflict renders LLMs vulnerable to
adversarial attacks, wherein intensifying the models' desire for continuity can
circumvent alignment efforts, resulting in the generation of harmful
information. Through a series of experiments, we first validated the existence
of the desire for continuity in LLMs, and further devised a straightforward yet
powerful technique, such as incomplete sentences, negative priming, and
cognitive dissonance scenarios, to demonstrate that even advanced LLMs struggle
to prevent the generation of harmful information. In summary, our study
uncovers the root of LLMs' vulnerabilities to adversarial attacks, hereby
questioning the efficacy of solely relying on sophisticated alignment methods,
and further advocates for a new training idea that integrates modal concepts
alongside traditional amodal concepts, aiming to endow LLMs with a more nuanced
understanding of real-world contexts and ethical considerations
Metodologias para caracterização de tráfego em redes de comunicações
Tese de doutoramento em Metodologias para caracterização de tráfego em redes de comunicaçõesInternet Tra c, Internet Applications, Internet Attacks, Tra c Pro ling,
Multi-Scale Analysis
abstract Nowadays, the Internet can be seen as an ever-changing platform where new
and di erent types of services and applications are constantly emerging. In
fact, many of the existing dominant applications, such as social networks,
have appeared recently, being rapidly adopted by the user community. All
these new applications required the implementation of novel communication
protocols that present di erent network requirements, according to the service
they deploy. All this diversity and novelty has lead to an increasing need
of accurately pro ling Internet users, by mapping their tra c to the originating
application, in order to improve many network management tasks such
as resources optimization, network performance, service personalization and
security. However, accurately mapping tra c to its originating application
is a di cult task due to the inherent complexity of existing network protocols
and to several restrictions that prevent the analysis of the contents of
the generated tra c. In fact, many technologies, such as tra c encryption,
are widely deployed to assure and protect the con dentiality and integrity
of communications over the Internet. On the other hand, many legal constraints
also forbid the analysis of the clients' tra c in order to protect
their con dentiality and privacy. Consequently, novel tra c discrimination
methodologies are necessary for an accurate tra c classi cation and user
pro ling. This thesis proposes several identi cation methodologies for an
accurate Internet tra c pro ling while coping with the di erent mentioned
restrictions and with the existing encryption techniques. By analyzing the
several frequency components present in the captured tra c and inferring
the presence of the di erent network and user related events, the proposed
approaches are able to create a pro le for each one of the analyzed Internet
applications. The use of several probabilistic models will allow the accurate
association of the analyzed tra c to the corresponding application. Several
enhancements will also be proposed in order to allow the identi cation of
hidden illicit patterns and the real-time classi cation of captured tra c.
In addition, a new network management paradigm for wired and wireless
networks will be proposed. The analysis of the layer 2 tra c metrics and
the di erent frequency components that are present in the captured tra c
allows an e cient user pro ling in terms of the used web-application. Finally,
some usage scenarios for these methodologies will be presented and
discussed
A Survey of DeFi Security: Challenges and Opportunities
DeFi, or Decentralized Finance, is based on a distributed ledger called
blockchain technology. Using blockchain, DeFi may customize the execution of
predetermined operations between parties. The DeFi system use blockchain
technology to execute user transactions, such as lending and exchanging. The
total value locked in DeFi decreased from \$200 billion in April 2022 to \$80
billion in July 2022, indicating that security in this area remained
problematic. In this paper, we address the deficiency in DeFi security studies.
To our best knowledge, our paper is the first to make a systematic analysis of
DeFi security. First, we summarize the DeFi-related vulnerabilities in each
blockchain layer. Additionally, application-level vulnerabilities are also
analyzed. Then we classify and analyze real-world DeFi attacks based on the
principles that correlate to the vulnerabilities. In addition, we collect
optimization strategies from the data, network, consensus, smart contract, and
application layers. And then, we describe the weaknesses and technical
approaches they address. On the basis of this comprehensive analysis, we
summarize several challenges and possible future directions in DeFi to offer
ideas for further research
Typhoid Mario: Video Game Piracy as Viral Vector and National Security Threat
Current academic and policy discussions regarding video game piracy focus on the economic losses inherent to copyright infringement. Unfortunately, this approach neglects the most significant implication of video game piracy: malware distribution. Copyright-motivated efforts to shut down file-sharing sites do little to reduce piracy and actually increase viral malware infection. Pirated video games are an ideal delivery device for malware, as users routinely launch unverified programs and forego virus detection. The illicit nature of the transaction forces users to rely almost entirely on the reputation of websites, uploaders, and other users to determine if a file is safe to download. In spite of this, stakeholders continue to push for ineffectual anti-infringement actions that destroy this reputational infrastructure.
Scholars and policymakers have not made a case for utility by considering only first-stage economic incentives to create content. In addition to the economic consequences, malware must be taken seriously as a threat to infrastructure and national security, especially in light of Russia’s efforts to infect machines to influence and delegitimize elections. Accordingly, this Article proposes that we adopt a harm reduction philosophy that both dissuades piracy and decreases the malware risk attendant to ongoing piracy
Need To Know Before Utopian Balloon Is Popped: Security Perspective Analysis of Nun-Fungible Tokens
Non-Fungible Tokens (NFTs) have exploded into the technological and blockchain worlds with millions of dollars’ worth of cryptocurrencies such as Ethereum and Bitcoin among others, being traded for with these NFTs by individuals. NFTs are utilized by most buyers and sellers to show authenticity and sole ownership of a rare piece of work which could be in the form of an art, a video, a game, an image, a collectible, or anything the individual deems to be of great value and of interest for other individuals to pay for and own. NFTs however are not immune to the security and privacy issues that are already affiliated with the blockchain. This research work therefore examines the existing vulnerabilities in the blockchain then specifically investigates vulnerabilities with NFTs. Not much of research effort has been put into this area but the ones that have been conducted centered on generic security issues related to Non-Fungible Tokens. Taxonomies are developed in this paper to classify the security threats and attacks as identified by investigating the vulnerabilities of NFTs. This work will be of great assistance to investors and developers who look to enter into the NFT market, as they will be provided with some adequate knowledge for them to be aware of the security issues related to the booming market of NFTs
- …