30 research outputs found

    Designing Security Policies for Complex SCADA Systems Protection

    The management and protection of these SCADA systems must constantly evolve towards integrated decision making and policy driven by cyber security requirements. The current research stream in this domain aims, accordingly, to foster the smartness of the field equipment which exist through the generic concept of SCADA management and operation. Those components are governed by policies which depend on the components roles, as well as on the evolution of the crisis which also confer to the latter the latitude to react based on their own perception of the crisis evolution. Their latitude is calculated based on the component smartness and is strongly determined by, and depending on, the cyber safety of the component environment. Existing work related to crisis management tends to consider that components evolve and are organized in systems but as far as we know, no systemic solution exists which integrates all of the above requirements. This paper proposes an innovative version of ArchiMate® for the SCADA components modelling purpose to enrich their collaborations and, more particularly, the description of their behavior endorsed in the cyber-policy. Our work has been illustrated in the frame of a critical infrastructure in the field of petroleum supply and storage networks

    Efficient Range-Free Monte-Carlo-Localization for Mobile Wireless Sensor Networks

    The main problem of anchor-based localization algorithms for WSNs is their dependence on the anchor nodes. Mobility in the network can lead to topologies in which individual nodes or entire parts of the network are temporarily isolated from all anchor nodes. In these cases no further localization is possible. This primarily affects the localization error, which rises sharply in these cases. Furthermore, operators of sensor networks are interested in reducing the number of the more cost- and maintenance-intensive anchor nodes to a minimum. This further aggravates the problem of unavailable anchor nodes during network operation. In this thesis, the advantages and disadvantages of the two main categories of localization algorithms (range-based and range-free methods) are first discussed, and a study of an RSSI-based distance estimation method that is often used for range-based localization is presented. Then two new variants of a well-known range-free localization method named MCL are introduced. Both aim to solve the problem of temporarily unavailable anchor nodes, but use different means to do so. SA-MCL uses a dead reckoning method to continue the position estimate from the last known location. This is done with the help of additional sensor information provided by an electronic compass and an accelerometer. PO-MCL, in contrast, exploits the mobility behavior of some sensor network applications, in which all nodes move primarily along a fixed number of paths, to improve the localization process. Both methods are evaluated through detailed network simulations. In the case of SA-MCL, an implementation on real hardware is also presented and a field study in a mobile sensor network is conducted. 
The results show that the localization error in situations with low anchor node density can be reduced by up to 60% in the case of SA-MCL, and by up to 50% in the case of PO-MCL.

    Implementation and Evaluation of A Low-Cost Intrusion Detection System For Community Wireless Mesh Networks

    Rural Community Wireless Mesh Networks (WMN) can be great assets to rural communities, helping them connect to the rest of their region and beyond. However, they can be a liability in terms of security. Due to the ad-hoc nature of a WMN, and the wide variety of applications and systems that can be found in such a heterogeneous environment there are multiple points of intrusion for an attacker. An unsecured WMN can lead to privacy and legal problems for the users of the network. Due to the resource constrained environment, traditional Intrusion Detection Systems (IDS) have not been as successful in defending these wireless network environments, as they were in wired network deployments. This thesis proposes that an IDS made up of low cost, low power devices can be an acceptable base for a Wireless Mesh Network Intrusion Detection System. Because of the device's low power, cost and ease of use, such a device could be easily deployed and maintained in a rural setting such as a Community WMN. The proposed system was compared to a standard IDS solution that would not cover the entire network, but had much more computing power but also a higher capital cost as well as maintenance costs. By comparing the low cost low power IDS to a standard deployment of an open source IDS, based on network coverage and deployment costs, a determination can be made that a low power solution can be feasible in a rural deployment of a WMN

    Resilient and Scalable Android Malware Fingerprinting and Detection

    Malicious software (Malware) proliferation reaches hundreds of thousands daily. The manual analysis of such a large volume of malware is daunting and time-consuming. The diversity of targeted systems in terms of architecture and platforms compounds the challenges of Android malware detection and malware in general. This highlights the need to design and implement new scalable and robust methods, techniques, and tools to detect Android malware. In this thesis, we develop a malware fingerprinting framework to cover accurate Android malware detection and family attribution. In this context, we emphasize the following: (i) the scalability over a large malware corpus; (ii) the resiliency to common obfuscation techniques; (iii) the portability over different platforms and architectures. In the context of bulk and offline detection on the laboratory/vendor level: First, we propose an approximate fingerprinting technique for Android packaging that captures the underlying static structure of the Android apps. We also propose a malware clustering framework on top of this fingerprinting technique to perform unsupervised malware detection and grouping by building and partitioning a similarity network of malicious apps. Second, we propose an approximate fingerprinting technique for Android malware's behavior reports generated using dynamic analyses leveraging natural language processing techniques. Based on this fingerprinting technique, we propose a portable malware detection and family threat attribution framework employing supervised machine learning techniques. Third, we design an automatic framework to produce intelligence about the underlying malicious cyber-infrastructures of Android malware. We leverage graph analysis techniques to generate relevant, actionable, and granular intelligence that can be used to identify the threat effects induced by malicious Internet activity associated to Android malicious apps. 
In the context of the single app and online detection on the mobile device level, we further propose the following: Fourth, we design a portable and effective Android malware detection system that is suitable for deployment on mobile and resource constrained devices, using machine learning classification on raw method call sequences. Fifth, we elaborate a framework for Android malware detection that is resilient to common code obfuscation techniques and adaptive to operating systems and malware change over time, using natural language processing and deep learning techniques. We also evaluate the portability of the proposed techniques and methods beyond Android platform malware, as follows: Sixth, we leverage the previously elaborated techniques to build a framework for cross-platform ransomware fingerprinting relying on raw hybrid features in conjunction with advanced deep learning techniques

    Android source code vulnerability detection: a systematic literature review

    The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions

    A COMPARISON BETWEEN MOTIVATIONS AND PERSONALITY TRAITS IN RELIGIOUS TOURISTS AND CRUISE SHIP TOURISTS

    The purpose of this paper is to analyze the motivations and the personality traits that characterize tourists who choose religious travels versus cruises. Participating in the research were 683 Italian tourists (345 males and 338 females, age range 18–63 years); 483 who went to a pilgrimage travel and 200 who chose a cruise ship in the Mediterranean Sea. Both groups of tourists completed the Travel Motivation Scale and the Big Five Questionnaire. Results show that different motivations and personality traits characterize the different types of tourists and, further, that motivations for traveling are predicted by specific —some similar, other divergent— personality trait