A Survey on Layer-Wise Security Attacks in IoT: Attacks, Countermeasures, and Open-Issues

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).Security is a mandatory issue in any network, where sensitive data are transferred safely in the required direction. Wireless sensor networks (WSNs) are the networks formed in hostile areas for different applications. Whatever the application, the WSNs must gather a large amount of sensitive data and send them to an authorized body, generally a sink. WSN has integrated with Internet-of-Things (IoT) via internet access in sensor nodes along with internet-connected devices. The data gathered with IoT are enormous, which are eventually collected by WSN over the Internet. Due to several resource constraints, it is challenging to design a secure sensor network, and for a secure IoT it is essential to have a secure WSN. Most of the traditional security techniques do not work well for WSN. The merger of IoT and WSN has opened new challenges in designing a secure network. In this paper, we have discussed the challenges of creating a secure WSN. This research reviews the layer-wise security protocols for WSN and IoT in the literature. There are several issues and challenges for a secure WSN and IoT, which we have addressed in this research. This research pinpoints the new research opportunities in the security issues of both WSN and IoT. This survey climaxes in abstruse psychoanalysis of the network layer attacks. Finally, various attacks on the network using Cooja, a simulator of ContikiOS, are simulated.Peer reviewe

Analysis and Implementation of Threat Agents Profiles in Semi-Automated Manner for a Network Traffic in Real-Time Information Environment

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/)Threat assessment is the continuous process of monitoring the threats identified in the network of the real-time informational environment of an organisation and the business of the companies. The sagacity and security assurance for the system of an organisation and company’s business seem to need that information security exercise to unambiguously and effectively handle the threat agent’s attacks. How is this unambiguous and effective way in the present-day state of information security practice working? Given the prevalence of threats in the modern information environment, it is essential to guarantee the security of national information infrastructure. However, the existing models and methodology are not addressing the attributes of threats like motivation, opportunity, and capability (C, M, O), and the critical threat intelligence (CTI) feed to the threat agents during the penetration process is ineffective, due to which security assurance arises for an organisation and the business of companies. This paper proposes a semi-automatic information security model, which can deal with situational awareness data, strategies prevailing information security activities, and protocols monitoring specific types of the network next to the real-time information environment. This paper looks over analyses and implements the threat assessment of network traffic in one particular real-time informational environment. To achieve this, we determined various unique attributes of threat agents from the Packet Capture Application Programming Interface (PCAP files/DataStream) collected from the network between the years 2012 and 2019.Peer reviewe

Machine-directed gravitational-wave counterpart discovery

Joint observations in electromagnetic and gravitational waves shed light on the physics of objects and surrounding environments with extreme gravity that are otherwise unreachable via siloed observations in each messenger. However, such detections remain challenging due to the rapid and faint nature of counterparts. Protocols for discovery and inference still rely on human experts manually inspecting survey alert streams and intuiting optimal usage of limited follow-up resources. Strategizing an optimal follow-up program requires adaptive sequential decision-making given evolving light curve data that (i) maximizes a global objective despite incomplete information and (ii) is robust to stochasticity introduced by detectors/observing conditions. Reinforcement learning (RL) approaches allow agents to implicitly learn the physics/detector dynamics and the behavior policy that maximize a designated objective through experience. To demonstrate the utility of such an approach for the kilonova follow-up problem, we train a toy RL agent for the goal of maximizing follow-up photometry for the true kilonova among several contaminant transient light curves. In a simulated environment where the agent learns online, it achieves 3x higher accuracy compared to a random strategy. However, it is surpassed by human agents by up to a factor of 2. This is likely because our hypothesis function (Q that is linear in state-action features) is an insufficient representation of the optimal behavior policy. More complex agents could perform at par or surpass human experts. Agents like these could pave the way for machine-directed software infrastructure to efficiently respond to next generation detectors, for conducting science inference and optimally planning expensive follow-up observations, scalably and with demonstrable performance guarantees.Comment: Submitted to the Astrophysical Journal; Comments welcome

TO SHOVE ON PEDESTRIAN RECITAL ON SIDE WALKS

It gives a sidewalk pavement width design technique for making extra pedestrian quality and walk-inspiring sidewalk pavements in the urban location. Instead of using the current sidewalk pavement width format preferred that commonly results in having minimal values, these studies investigated pedestrians’ alternatives on the tiers of provider, surveyed actual footpath trajectories inside the sidewalk pavements, and located pedestrian movement characteristics inside the streets. Pedestrian crucial diagrams and pedestrian traits depend upon gender of the pedestrian, age of pedestrian and type of centres. “Pedestrian traits, crucial diagrams for unidirectional waft in addition to bi-directional go together with the drift, evaluation of pedestrian critical diagrams between unidirectional and bi-directional waft, capability and stage of provider for above three sections” have become done in this test. Hypothesis trying out come to be performed for evaluating the pedestrian pace among one-of-a-kind sections and special mixtures had been completed on this examine

Updated observing scenarios and multi-messenger implications for the International Gravitational-wave Network's O4 and O5

Advanced LIGO and Virgo's third observing run brought another binary neutron star merger (BNS) and the first neutron-star black-hole (NSBH) mergers. While no confirmed kilonovae (KNe) was identified in conjunction with any of these events, continued improvements of analyses surrounding GW170817 allow us to project constraints on the Hubble Constant ($H_0$), the Galactic enrichment from $r$-process nucleosynthesis, and ultra-dense matter possible from forthcoming events. Here, we describe the expected constraints based on the latest expected event rates from the international gravitational-wave network (IGWN) and analyses of GW170817. We show the expected detection rate of gravitational waves and their counterparts, as well as how sensitive potential constraints are to the observed numbers of counterparts. We intend this analysis as support for the community when creating scientifically-driven electromagnetic follow-up proposals. During the next observing run O4, we predict an annual detection rate of electromagnetic counterparts from BNS of $0.43^{+0.58}_{-0.26}$ ($1.97^{+2.68}_{-1.2}$) for the Zwicky Transient Facility (Rubin Observatory)

Persistencia de malezas gramíneas en cultivos de trigo del sudeste bonaerense

En la presente tesis se estudió la persistencia de especies poáceas en cultivos de trigo del sudeste de Buenos Aires. En dicha región, Avena fatua L. y Lolium multiflorum Lam. son las malezas poáceas más importantes, tanto por la dificultad de control como por sus efectos competitivos sobre el cultivo. A los efectos de cuantificar la persistencia de dichas especies, se estudió la composición de la comunidad de malezas en dos momentos del ciclo: preaplicación de herbicidas y precosecha. Individuos de ambas malezas fueron registrados en ambos momentos como consecuencia de “escapes” al control realizado con herbicidas, siendo A. fatua más constante que L. mutiflorum. Posteriormente, se estudiaron los procesos que definen la persistencia de ambas malezas. Los resultados obtenidos indican que el ajuste del momento de emergencia es jerárquicamente el factor más importante para explicar la persistencia de A. fatua. Se demostró que los modelos de germinación son diferentes según las semillas provengan de un lote agrícola o de una condición de no cultivo, siendo estas diferencias de naturaleza genética. Por otro lado, la variabilidad en la supervivencia a los herbicidas es el factor que mejor explica la persistencia de L. multiflorum, habiéndose documentado resistencia cruzada a los herbicidas inhibidores de la ALS, pyroxsulam, imazamox y flucarbazone, sin antecedentes previos en la región. Los índices de resistencia encontrados presentan variación con la temperatura ambiente en post-aplicación del herbicida, habiéndose registrado mayor resistencia con mayor temperatura. Además, se comprobó que los individuos resistentes presentan menor tiempo a floración que los susceptibles. Tal atributo puede significar una ventaja demográfica para dichas poblaciones. Queda así demostrada la persistencia de A. fatua y L. multiflorum durante el ciclo del cultivo más allá de las prácticas de control realizadas y la participación de dos procesos demográficos distintos (establecimiento y supervivencia) en dicha persistencia

Role of IAM in an Organization

Many identities are possessed by the user in this digital world. The access rights and the digital identities requires to be managed and controlled at all levels. Managing the identities and controlling the access rights is Identity and Access Management. It is essential for all organizations with thousands of users and is the best practice to ensure control of user access. It identifies, authenticates, and authorizes users to access a resource in an organization. This in turn improves the efficiency of access management. The goal of this thesis was to study the role of identity and access management solutions in an organization. The main aim of the thesis was to find out how identity and access management works and implemented in an organization. Also, what are the risks and challenges when implementing these solutions were studied. Different security faucets which could be used in association with identity and access management were researched. Answer to some questions like how it could be implemented or what are the functions were researched. The use of the cloud to implement these solutions was also studied which protects the access to the resources on-premises and into the cloud. Various authentication methods were studied like multi-factor authentication, single sign-on, etc. The research was based on the work done during the internship in an organization with an identity and access management team. Based on the study and research the conclusion was made which included the benefits of identity and access management in the security and productivity of the organization. The practical part thesis was based on the survey questions answered by managers, the CEO, the IAM team and the IT administrators of an organization. Also, the employees who work in the organization answered the survey. It was done to observe how the accesses and privileges are given according to the job role at different levels

Analysis and implementation of semi-automatic model for vulnerability exploitations of threat agents in NIST databases

© 2022 The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature. This is the accepted manuscript version of an article which has been published in final form at https://doi.org/10.1007/s11042-022-14036-yProactive security plays a vital role in preventing the attack before entering active mode. In the modern information environment, it depends on the vulnerability management practitioners of an organization in which the critical factor is the prioritization of threats. The existing models and methodology follow the traditional approaches of a Common Vulnerability Scoring System (CVSS) to prioritize threats and vulnerabilities. The CVSS is not able to provide effectiveness to the security of the business of an organization. In contrast, the vulnerability analysis needs a model which can give significance to the prioritization policies. The model depends on the CVSS score of threats and compares various features of vulnerability like threat vectors, inputs, environments used by threat agent’s groups, and potential outputs of threat agents. Therefore, the research aims to design a semi-automatic model for vulnerability analysis of threats for the National Institute of Standards and Technology (NIST) database of cyber-crime. We have developed a semi-automatic model that simulates the CVE (Common Vulnerabilities and Exposures) list of the NIST database between 1999 and 2021, concerning the resources used by the threat agents, pre-requisites input, attack vectors, and dormant results. The semi-automatic approach of the model to perform the vulnerability analysis of threat agent groups identified in a network makes the model more efficient and effective to addresses the profiling of threat agents and evaluating the CTI (Critical Threat intelligence feed). Our experimental results imply that the semi-automatic model implements the vulnerability prioritization based on the CVSS score and uses the comparative analysis based on the threat agent’s vectors identified. It also provides potency and optimized complexity to an organization’s business to mitigate the vulnerability identified in a network.Peer reviewe