A multilabel fuzzy relevance clustering system for malware attack attribution in the edge layer of cyber-physical networks

The rapid increase in the number of malicious programs has made malware forensics a daunting task and caused users’ systems to become in danger. Timely identification of malware characteristics including its origin and the malware sample family would significantly limit the potential damage of malware. This is a more profound risk in Cyber-Physical Systems (CPSs), where a malware attack may cause significant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS devices, most of the efforts for protecting CPS networks are focused on the edge layer, where the majority of security mechanisms are deployed. Since the majority of advanced and sophisticated malware programs are combining features from different families, these malicious programs are not similar enough to any existing malware family and easily evade binary classifier detection. Therefore, in this article, we propose a novel multilabel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide insight into applicable malware threats to the CPS network. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multilabel classifier does not classify a part of samples. We named this problem the instance coverage problem. To overcome this problem, we developed an ensemble-based multilabel fuzzy classification method to suggest the relevance of a malware instance to the stricken families. This classifier identified samples of VirusShare, RansomwareTracker, and BIG2015 with an accuracy of 94.66%, 94.26%, and 97.56%, respectively

IoT database forensics : an investigation on HarperDB Security

The data that are generated by several devices in the IoT realmrequire careful and real time processing. Recently, researchers haveconcentrated on the usage of cloud databases for storing such datato improve efficiency. HarperDB aims at producing a DBMS that isrelational and non-relational simultaneously, to help journeymendevelopers creating products and servers in the IoT space. Much ofwhat the HarperDB team has talked about has been achieved, butfrom a security perspective, a lot of improvements need to be made.The team has clearly focused on the problems that exist from adatabase and data point of view, creating a structure that is unique,fast, easy to use and has great potential to grow with a startup.The functionality and ease of use of this DBMS is not in question,however as the trade-off triangle to the right suggests, this doesentail an impact to security. In this paper, using multiple forensicmethodologies, we performed an in-depth forensic analysis onHarperDB and found several areas of extreme concern, such as lackof logging functionalities, basic level of authorisation, exposure ofusers’ access rights to any party using the database, There had to bea focus on preventative advice instead of reactive workarounds dueto the nature of the flaws found in HarperDB. As such, we providea number of recommendations for the users and developers

On the feasibility of attribute-based encryption on Internet of Things devices

Attribute-based encryption (ABE) could be an effective cryptographic tool for the secure management of Internet of Things (IoT) devices, but its feasibility in the IoT has been under-investigated thus far. This article explores such feasibility for well-known IoT platforms, namely, Intel Galileo Gen 2, Intel Edison, Raspberry pi 1 model B, and Raspberry pi zero, and concludes that adopting ABE in the IoT is indeed feasible

Security challenges of Internet of Underwater Things : a systematic literature review

Water covers approximately 71% of the earth surface, yet much of the underwater world remains unexplored due to technology limitations. Internet of Underwater Things (IoUT) is a network of underwater objects that enables monitoring subsea environment remotely. Underwater Wireless Sensor Network (UWSN) is the main enabling technology for IoUT. UWSNs are characterised by the limitations of the underlying acoustic communication medium, high energy consumption, lack of hardware resources to implement computationally intensive tasks and dynamic network topology due to node mobility. These characteristics render UNWSNs vulnerable to different attacks, such as Wormhole, Sybil, flooding, jamming, spoofing and Denial of Service (DoS) attacks. This article reviews peer-reviewed literature that addresses the security challenges and attacks on UWSNs as well as possible mitigative solutions. Findings show that the biggest contributing factors to security threats in UWSNs are the limited energy supply, the limited communication medium and the harsh underwater communication conditions. Researchers in this field agree that the security measures of terrestrial wireless sensor networks are not directly applicable to UWSNs due to the unique nature of the underwater environment where resource management becomes a significant challenge. This article also outlines future research directions on security and privacy challenges of IoUT and UWSN

PROUD : verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications

The ever-growing number of Internet connected devices poses several cybersecurity risks. Most of the exchanged data between the Internet of Things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute Based SignCryption (ABSC) is a powerful cryptographic mechanism suitable for distributed environments, providing flexible access control and data secrecy. However, it imposes high designcryption costs, and does not support access policy update (user addition/revocation). This paper presents PROUD, an ABSC solution, to securely outsource data designcryption process to edge servers in order to reduce the computation overhead on the user side. PROUD allows end-users to offload most of the designcryption overhead to an edge server and verify the correctness of the received partially designcrypted data from the edge server. Moreover, PROUD provides the access policy update feature with neither involving a proxy-server, nor re-signcrypting the signcrypted message and re-distributing the users’ secret keys. The access policy update feature in PROUD does not affect the size of the message received by the end-user which reduces the bandwidth and the storage usage. Our comprehensive theoretical and experimental analysis prove that PROUD outperforms existing schemes in terms of functionality, communication and computation overhead

Deriving Environmental Risk Profiles for Autonomous Vehicles From Simulated Trips

The commercial adoption of Autonomous Vehicles (AVs) and the positive impact they are expected to have on traffic safety depends on appropriate insurance products due to the high potential losses. A significant proportion of these losses are expected to occur from the out-of-distribution risks which arise from situations outside the AV’s training experience. Traditional vehicle insurance products (for human-driven vehicles) rely on large data sets of drivers’ background and historical incidents. However, the lack of such datasets for AVs makes it imperative to exploit the ability to deploy AVs in simulated environments. In this paper, the data collected by deploying Autonomous Driving Systems (ADSs) in simulated environments is used to develop models to answer two questions: (1) how risky a road Section is for an AV to drive? and (2) how does the risk profile vary with different (SAE levels) of ADSs? A simulation pipeline was built on the CARLA (Car Learning to Act): an open-source simulator for autonomous driving research. The environment was specified using parameters such as weather, lighting, traffic density, traffic flow, no. of lanes, etc. A metric - risk factor was defined as a combination of harsh accelerations/braking, inverse Time to Collision, and inverse Time Headway to capture the crashes and near-crashes. To assess the difference between ADSs, two ADSs: OpenPilot (Level 2/3) and Pylot (Level 4) were implemented in the simulator. The results (from data and model predictions) show that the trends in the relation between the environment features and risk factor for an AV are similar to those observed for human drivers (e.g., risk increases with traffic flow). The models also showed that junctions were a risk hot-spot for both ADSs. The feature importance of the model revealed that the Level 2/3 ADS is more sensitive to no. of lanes and the Level 4 ADS is sensitive to traffic flow. Such differences in feature importance provide valuable insights into the risk characteristics of different ADSs. In the future, this base model will be extended to include other features (other than the environment), e.g., take over requests, and also address the deficiencies of the current simulation data in terms of insensitivity to weather and lighting

Time Profile of nNOS Expression in the Spinal Dorsal Horn After L₅ Spinal Root Transection in Rats

Using immunohistochemical analysis, we investigated the time profile of neuronal nitric oxide synthase (nNOS) expression in the lumbar spinal cord up to day 28 after transection of the L₅ spinal root. On day 14 after injury, we also evaluated the effect of intrathecal application of 7-nitroindazole (7-NI), a selective nNOS inhibitor (8.15 µg in 5 µl), on thermal hyperalgesia. Our results indicated that nerve transection increased the intensity of nNOSimmunoreactivity in superficial and deep laminae of the dorsal horn within a late stage (days 7 to 28) of the neuropathy model used. Furthermore, 7-NI attenuated nerve injury-evoked thermal hypersensitivity on day 14 but did not reduce it between days 2 and 5 after transection. These data suggest that nNOS overexpression is more involved in the development than in the initiation of thermal hyperalgesia in L₅ -transected rats.Ми досліджували часовий профіль експресії нейронної NOсинтази (nNOS) у люмбальному відділі спинного мозку щурів протягом 28 діб після перерізання спінального корінця L₅ , використовуючи імуногістохімічну методику. Ми також оцінювали впливи інтратекальних аплікацій 7-нітроіндазолу (7-NI) – селективного інгібітора nNOS (8.15 мкг у 5 мкл) на термічну гіпералгезію через 14 діб після ушкодження. В результаті секції корінця кількість nNOS-імунореактивних клітин у поверхневих та глибоких пластинах дорсального рога зростала на відносно пізніх етапах (із сьомої по 28-му добу) використаної моделі нейропатії. Аплікації 7-NI зменшували термічну гіперсенситивність, викликану пошкодженням нервових волокон, на 14-ту добу, але не впливали на цей феномен протягом другої–п’ятої діб після індукції нейропатії. Подібні дані вказують на те, що після перетину корінця L₅ у щурів підвищена експресія nNOS більшою мірою залучена в процес розвитку, ніж в ініціацію термічної гіпералгезії

High Performance Multicell Series Inverter-Fed Induction Motor Drive

This document is the Accepted Manuscript version of the following article: M. Khodja, D. Rahiel, M. B. Benabdallah, H. Merabet Boulouiha, A. Allali, A. Chaker, and M. Denai, ‘High-performance multicell series inverter-fed induction motor drive’, Electrical Engineering, Vol. 99 (3): 1121-1137, September 2017. The final publication is available at Springer via DOI: https://doi.org/10.1007/s00202-016-0472-4.The multilevel voltage-source inverter (VSI) topology of the series multicell converter developed in recent years has led to improved converter performance in terms of power density and efficiency. This converter reduces the voltage constraints between all cells, which results in a lower transmission losses, high switching frequencies and the improvement of the output voltage waveforms. This paper proposes an improved topology of the series multicell inverter which minimizes harmonics, reduces torque ripples and losses in a variable-speed induction motor drive. The flying capacitor multilevel inverter topology based on the classical and modified phase shift pulse width modulation (PSPWM, MPSPWM) techniques are applied in this paper to minimize harmonic distortion at the inverter output. Simulation results are presented for a 2-kW induction motor drive and the results obtained demonstrate reduced harmonics, improved transient responses and reference tracking performance of the voltage in the induction motor and consequently reduced torque ripplesPeer reviewe

Impact of health literacy and self-care behaviors on health-related quality of life in Iranians with type 2 diabetes: a cross-sectional study

Background: Regarding the importance of health literacy as a key factor in self-care, appropriate understanding of health information by patients with type 2 diabetes mellitus (T2DM) is fundamental for better management of risk factors, which can also benefit their quality of life. This study aimed to describe the relationship between health literacy (HL), and self-care behaviors with health-related quality of life (HRQL) in patients with T2DM. Methods: A cross-sectional survey was done in Iran in 2019. Patients were recruited randomly from health centers by medical records (n = 192, 55.2 male, mean age 58.12 years). The data collection included demographic form, health literacy questionnaire, diabetes self-care behavior questionnaire, and world health organization�s Quality of Life-BREF (WHOQOL-BREF). Analyses were adjusted for confounders using hierarchical regression analysis. Results: HL as predictor variables explained 47.5 of variance in overall HRQL (p value < 0.001), reading health information was the strongest HL dimension (β = 0.478). Self-care behaviors explained an additional 13.6 of the HRQL variance. In total, 65.5 of the variation in the HRQL is explained by the HL, self-care behavior, and the demographic variables. Conclusion: We found that more almost two-third of the HRQL explained by the HL and self-care behaviors. Given the importance of health literacy and self-care behaviors in the quality of life in patients with T2DM, adoption of health-promoting behaviors and increasing health literacy can be beneficial for promoting quality of life among these patients. © 2020, The Author(s)