Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Securing the internet of things infrastructure – standards and techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Ransomware: Emergence of the cyber-extortion menace

Ransomware is increasingly posing a threat to the security of information resources. Millions of dollars of monetary loss have been afflicted on end-users and corporations alike through unlawful deployment of ransomware. Through malware injection into end-user devices and subsequent extortion of their system or data, ransomware has emerged as a threat requiring immediate attention and containment by the cyber-security community. We conduct a detailed analysis of the steps of execution involved in ransomware deployment to facilitate readiness of the cyber-security community in containing the rapid proliferation of ransomware. This paper examines the evolution of malware over a period of 26 years and the emergence of ransomware in the cyber-threat landscape. Key findings on the evolution of ransomware and its use of emerging technologies are presented

Ransomware behavioural analysis on windows platforms

Ransomware infections have grown exponentially during the recent past to cause major disruption in operations across a range of industries including the government. Through this research, we present an analysis of 14 strains of ransomware that infect Windows platforms, and we do a comparison of Windows Application Programming Interface (API) calls made through ransomware processes with baselines of normal operating system behaviour. The study identifies and reports salient features of ransomware as referred through the frequencies of API call

Controlled access to cloud resources for mitigating economic denial of sustainability (EDoS) attacks

Cloud computing is a paradigm that provides scalable IT resources as a service over the Internet. Vulnerabilities in the cloud infrastructure have been readily exploited by the adversary class. Therefore, providing the desired level of assurance to all stakeholders through safeguarding data (sensitive or otherwise) which is stored in the cloud, is of utmost importance. In addition, protecting the cloud from adversarial attacks of diverse types and intents, cannot be understated. Economic Denial of Sustainability (EDoS) attack is considered as one of the concerns that has stalled many organizations from migrating their operations and/or data to the cloud. This is because an EDoS attack targets the financial component of the service provider. In this work, we propose a novel and reactive approach based on a rate limit technique, with low overhead, to detect and mitigate EDoS attacks against cloud-based services. Through this reactive scheme, a limited access permission for cloud services is granted to each user. Experiments were conducted in a laboratory cloud setup, to evaluate the performance of the proposed mitigation technique. Results obtained show that the proposed approach is able to detect and prevent such an attack with low cost and overhead. © 2016 Elsevier B.V. All rights reserved

Analysis of attempted intrusions: intelligence gathered from SSH Honeypots

Honeypots are a defensive cyber security countermeasure used to gather data on intruder activities. By analysing the data collected by honeypots, mitigation strategies for cyberattacks launched against cyber-enabled infrastructures can be developed. In this paper, intelligence gathered from six Secure Shell (SSH) honeypots is presented. The paper is part of an ongoing investigation into analysing malicious activities captured by the honeypots. This paper focuses on the time of day attempted intrusions have occurred. The honeypot data has been gathered from 18th July 2012 until 13th January 2016; a period of 1,247 days. All six honeypots have the same hardware and software configurations, located on the same IPv4/24 subnet. Preliminary analysis of the data from all six hosts has been combined to show the number of attempted intrusions recorded by each honeypot and the top 20 countries attacking IP addresses have originated from. However, there is a variation in the number of attempted intrusions recorded on each of the six hosts. Findings from the research conducted suggest, there is a pattern of organised attempted intrusions from attacking IP addresses originating from China and Hong Kong during an 8am to 6pm working day. An additional investigation into the possible use of organised attacking workforces was conducted

Harnessing Artificial Intelligence Capabilities to Improve Cybersecurity

Cybersecurity is a fast-evolving discipline that is always in the news over the last decade, as the number of threats rises and cybercriminals constantly endeavor to stay a step ahead of law enforcement. Over the years, although the original motives for carrying out cyberattacks largely remain unchanged, cybercriminals have become increasingly sophisticated with their techniques. Traditional cybersecurity solutions are becoming inadequate at detecting and mitigating emerging cyberattacks. Advances in cryptographic and Artificial Intelligence (AI) techniques (in particular, machine learning and deep learning) show promise in enabling cybersecurity experts to counter the ever-evolving threat posed by adversaries. Here, we explore AI\u27s potential in improving cybersecurity solutions, by identifying both its strengths and weaknesses. We also discuss future research opportunities associated with the development of AI techniques in the cybersecurity field across a range of application domains

Hybrid intelligent model for software maintenance prediction

Maintenance is an important activity in the software life cycle. No software product can do without undergoing the process of maintenance. Estimating a software’s maintainability effort and cost is not an easy task considering the various factors that influence the proposed measurement. Hence, Artificial Intelligence (AI) techniques have been used extensively to find optimized and more accurate maintenance estimations. In this paper, we propose an Evolutionary Neural Network (NN) model to predict software maintainability. The proposed model is based on a hybrid intelligent technique wherein a neural network is trained for prediction and a genetic algorithm (GA) implementation is used for evolving the neural network topology until an optimal topology is reached. The model was applied on a popular open source program, namely, Android. The results are very promising, where the correlation between actual and predicted points reaches 0.9

Validation of fibre stress utilization model for modified ring spun yarns

To model the fibre stress utilization in modified ring spun yarns, we developed an analytical formula from the experimental data. The development of empirical formulae is carried out by using two different techniques, i.e., Cubic Spline and Artificial Neural Network methods. The experimental data of stress-strain curves of fibre and yarn has a large variation. To cope this variability, we used the smoothing spline technique to find the best-fit curve with respect to a reasonable smoothness. The best nonlinear smooth fitting can be used to extrapolate the experimental data beyond the breaking point. The modified ring spun yarns (compact, SIRO and SIRO-compact) with 20/1, 30/1 and 40/1 English count, produced from viscose staple fibre, were used to predict fibre stress utilization up to the yarn break by extrapolating the mean stress-strain curves of fibre and yarn by using the artificial neural network. Moreover, a new distribution function of fibre distribution in yarn has been proposed and successfully implemented for the prediction of fibre stress utilization in yarn. The new formulation helps to compute the fibre stress utilization in the yarn analytically. The validation of the proposed methodology is presented by comparing the numerical results with the experimental data. The predicted fibre stress utilization was in good agreement with the experimental fibre stress utilization for all types of modified ring spun yarns. It has been observed that SIRO-compact yarn exhibits improved fibre stress utilization as compared to SIRO and compact yarns. Moreover, the new distribution functions Gamma and Gaussian distribution were introduced in parallel with the Dirac delta function. In previous similar studies on ring, rotor and air-jet spun yarns, the proposed model can only predict the fibre stress utilization before the breakage point whereas the modified model, in this study, can predict the fibre stress utilization up to the breaking point

Green photosensitisers for the degradation of selected pesticides of high risk in most susceptible food: a safer approach

Pesticides are the leading defence against pests, but their unsafe use reciprocates the pesticide residues in highly susceptible food and is becoming a serious risk for human health. In this study, mint extract and riboflavin were tested as photosensitisers in combination with light irradiation of different frequencies, employed for various time intervals to improve the photo-degradation of deltamethrin (DM) and lambda cyhalothrin (λ-CHT) in cauliflower. Different source of light was studied, either in ultraviolet range (UV-C, 254 nm or UV-A, 320–380 nm) or sunlight simulator (> 380–800 nm). The degradation of the pesticides varied depending on the type of photosensitiser and light source. Photo-degradation of the DM and λ-CHT was enhanced by applying the mint extracts and riboflavin and a more significant degradation was achieved with UV-C than with either UV-A or sunlight, reaching a maximum decrement of the concentration by 67–76%. The light treatments did not significantly affect the in-vitro antioxidant activity of the natural antioxidants in cauliflower. A calculated dietary risk assessment revealed that obvious dietary health hazards of DM and λ-CHT pesticides when sprayed on cauliflower for pest control. The use of green chemical photosensitisers (mint extract and riboflavin) in combination with UV light irradiation represents a novel, sustainable, and safe approach to pesticide reduction in produce