A multilabel fuzzy relevance clustering system for malware attack attribution in the edge layer of cyber-physical networks

The rapid increase in the number of malicious programs has made malware forensics a daunting task and caused users’ systems to become in danger. Timely identification of malware characteristics including its origin and the malware sample family would significantly limit the potential damage of malware. This is a more profound risk in Cyber-Physical Systems (CPSs), where a malware attack may cause significant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS devices, most of the efforts for protecting CPS networks are focused on the edge layer, where the majority of security mechanisms are deployed. Since the majority of advanced and sophisticated malware programs are combining features from different families, these malicious programs are not similar enough to any existing malware family and easily evade binary classifier detection. Therefore, in this article, we propose a novel multilabel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide insight into applicable malware threats to the CPS network. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multilabel classifier does not classify a part of samples. We named this problem the instance coverage problem. To overcome this problem, we developed an ensemble-based multilabel fuzzy classification method to suggest the relevance of a malware instance to the stricken families. This classifier identified samples of VirusShare, RansomwareTracker, and BIG2015 with an accuracy of 94.66%, 94.26%, and 97.56%, respectively

On the feasibility of attribute-based encryption on Internet of Things devices

Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry pi 1 model B, and Raspberry pi zero, and concludes that adopting ABE in the IoT is indeed feasible

A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment

Vulnerability assessment (e.g., vulnerability identification and exploitation; also referred to as penetration testing) is a relatively mature industry, although attempting to keep pace with the diversity of computing and digital devices that need to be examined is challenging. Hence, there has been ongoing interest in exploring the potential of artificial intelligence to enhance penetration testing and vulnerability identification of systems, as evidenced by the systematic literature review performed in this paper. In this review, we focus only on empirical papers, and based on the findings, we identify a number of potential research challenges and opportunities, such as scalability and the need for real-time identification of exploitable vulnerabilities

Intelligent conditional collaborative private data sharing

With the advent of distributed systems, secure and privacy-preserving data sharing between different entities (individuals or organizations) becomes a challenging issue. There are several real-world scenarios in which different entities are willing to share their private data only under certain circumstances, such as sharing the system logs when there is indications of cyber attack in order to provide cyber threat intelligence. Therefore, over the past few years, several researchers proposed solutions for collaborative data sharing, mostly based on existing cryptographic algorithms. However, the existing approaches are not appropriate for conditional data sharing, i.e., sharing the data if and only if a pre-defined condition is satisfied due to the occurrence of an event. Moreover, in case the existing solutions are used in conditional data sharing scenarios, the shared secret will be revealed to all parties and re-keying process is necessary. In this work, in order to address the aforementioned challenges, we propose, a “conditional collaborative private data sharing” protocol based on Identity-Based Encryption and Threshold Secret Sharing schemes. In our proposed approach, the condition based on which the encrypted data will be revealed to the collaborating parties (or a central entity) could be of two types: (i) threshold, or (ii) pre-defined policy. Supported by thorough analytical and experimental analysis, we show the effectiveness and performance of our proposal

Blockchain-based privacy-preserving healthcare architecture

Since the introduction of Internet of Things (IoT), e-health has become one of the main research topics.Due to the sensitivity of patient data,preserving the privacy of patientsappears to be challenging. In healthcare applications, patient data are usually stored in the cloud, which makes it difficult for the users to have enough control over their data. However, due to the General Data Protection Regulation (GDPR), it is the data subject’s right to know where and how hisdata has been stored, who can access hisdata and to what extent. In this paper, we propose a blockchain-based architecture for e-health applications whichprovides an efficient privacy-preserving access control mechanism. We take advantage of Blockchain(BC)special features, i.e., immutability and anonymity of users,whilemodifyingthe classic blockchain structure in order to overcome its challenges in IoT applications(i.e., low throughput, high overhead and latency). To this end, we cluster the miners of BC, store and process data at the nearest clusterto the patient. While our proposal is a work in progress, we provide a security analysis of our proposed architecture

A systematic literature review of blockchain cyber security

Since the publication of Satoshi Nakamoto's white paper on Bitcoin in 2008, blockchain has (slowly) become one of the most frequently discussed methods for securing data storage and transfer through decentralized, trustless, peer-to-peer systems. This research identifies peer-reviewed literature that seeks to utilize blockchain for cyber security purposes and presents a systematic analysis of the most frequently adopted blockchain security applications. Our findings show that the Internet of Things (IoT) lends itself well to novel blockchain applications, as do networks and machine visualization, public key cryptography, web applications, certification schemes and the secure storage of Personally Identifiable Information (PII). This timely systematic review also sheds light on future directions of research, education and practices in the blockchain and cyber security space, such as security of blockchain in IoT, security of blockchain for AI data, and sidechain security,etc

A hierarchical key pre-distribution scheme for fog networks

Security in fog computing is multi-faceted, and one particular challenge is establishing a secure communication channel between fog nodes and end devices. This emphasizes the importance of designing efficient and secret key distribution scheme to facilitate fog nodes and end devices to establish secure communication channels. Existing secure key distribution schemes designed for hierarchical networks may be deployable in fog computing, but they incur high computational and communication overheads and thus consume significant memory. In this paper, we propose a novel hierarchical key pre-distribution scheme based on “Residual Design” for fog networks. The proposed key distribution scheme is designed to minimize storage overhead and memory consumption, while increasing network scalability. The scheme is also designed to be secure against node capture attacks. We demonstrate that in an equal-size network, our scheme achieves around 84% improvement in terms of node storage overhead, and around 96% improvement in terms of network scalability. Our research paves the way for building an efficient key management framework for secure communication within the hierarchical network of fog nodes and end devices. KEYWORDS: Fog Computing, Key distribution, Hierarchical Networks

Forensic investigation of cooperative storage cloud service: Symform as a case study

Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensic is relatively new and is an under-explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log-in to and log-out from Symform account using the client application, file synchronization as well as their time stamp information. This research contributes to an in-depth understanding of the types of terrestrial artifacts that are likely to remain after the use of cooperative storage cloud on client devices

A cyber-kill-chain based taxonomy of crypto-ransomware features

In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. Majority of ransomware families are requesting for a ransom payment to restore a custodian access or decrypt data which were encrypted by the ransomware earlier. Although the ransomware attack strategy seems to be simple, security specialists ranked ransomware as a sophisticated attack vector with many variations and families. Wide range of features which are available in different families and versions of ransomware further complicates their detection and analysis. Though the existing body of research provides significant discussions about ransomware details and capabilities, the all research body is fragmented. Therefore, a ransomware feature taxonomy would advance cyber defenders’ understanding of associated risks of ransomware. In this paper we provide, to the best of our knowledge, the first scientific taxonomy of ransomware features, aligned with Lockheed Martin Cyber Kill Chain (CKC) model. CKC is a well-established model in industry that describes stages of cyber intrusion attempts. To ease the challenge of applying our taxonomy in real world, we also provide the corresponding ransomware defence taxonomy aligned with Courses of Action matrix (an intelligence-driven defence model). We believe that this research study is of high value for the cyber security research community, as it provides the researchers with a means of assessing the vulnerabilities and attack vectors towards the intended victims

Design and synthesis of non-peptide mimetics mapping the immunodominant myelin basic protein (MBP83–96) Epitope to function as T-cell receptor antagonists

Encephalitogenic T cells are heavily implicated in the pathogenesis of multiple sclerosis (MS), an autoimmune demyelinating disease of the central nervous system. Their stimulation is triggered by the formation of a trimolecular complex between the human leukocyte antigen (HLA), an immunodominant myelin basic protein (MBP) epitope, and the T cell receptor (TCR). We detail herein our studies directed towards the rational design and synthesis of non-peptide mimetic molecules, based on the immunodominant MBP83–96 epitope that is recognized by the TCR in complex with HLA. We focused our attention on the inhibition of the trimolecular complex formation and consequently the inhibition of proliferation of activated T cells. A structure-based pharmacophore model was generated, in view of the interactions between the TCR and the HLA-MBP83–96 complex. As a result, new candidate molecules were designed based on lead compounds obtained through the ZINC database. Moreover, semi-empirical and density functional theory methods were applied for the prediction of the binding energy between the proposed non-peptide mimetics and the TCR. We synthesized six molecules that were further evaluated in vitro as TCR antagonists. Analogues 15 and 16 were able to inhibit to some extent the stimulation of T cells by the immunodominant MBP83–99 peptide from immunized mice. Inhibition was followed to a lesser degree by analogues 17 and 18 and then by analogue 19. These studies show that lead compounds 15 and 16 may be used for immunotherapy against MS