Feature trade-off analysis for reconnaissance detection.

An effective cyber early warning system (CEWS) should pick up threat activity at an early stage, with an emphasis on establishing hypotheses and predictions as well as generating alerts on (unclassified) situations based on preliminary indications. The design and implementation of such early warning systems involve numerous challenges such as generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This chapter begins with an understanding of the behaviours of intruders and then related literature is followed by the proposed methodology using a Bayesian inference-based system. It also includes a carefully deployed empirical analysis on a data set labelled for reconnaissance activity. Finally, the chapter concludes with a discussion on results, research challenges and necessary suggestions to move forward in this research line

Towards a threat assessment framework for apps collusion

App collusion refers to two or more apps working together to achieve a malicious goal that they otherwise would not be able to achieve individually. The permissions based security model of Android does not address this threat as it is rather limited to mitigating risks of individual apps. This paper presents a technique for quantifying the collusion threat, essentially the first step towards assessing the collusion risk. The proposed method is useful in finding the collusion candidate of interest which is critical given the high volume of Android apps available. We present our empirical analysis using a classified corpus of over 29,000 Android apps provided by Intel SecurityTM

A survey on wireless body area networks: architecture, security challenges and research opportunities.

In the era of communication technologies, wireless healthcare networks enable innovative applications to enhance the quality of patients’ lives, provide useful monitoring tools for caregivers, and allows timely intervention. However, due to the sensitive information within the Wireless Body Area Networks (WBANs), insecure data violates the patients’ privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBAN involves various challenges due to its resource limitations and critical applications. In this paper, a comprehensive survey of the WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues

3R: a reliable multi-agent reinforcement learning based routing protocol for wireless medical sensor networks.

Interest in the Wireless Medical Sensor Network (WMSN) is rapidly gaining attention thanks to recent advances in semiconductors and wireless communication. However, by virtue of the sensitive medical applications and the stringent resource constraints, there is a need to develop a routing protocol to fulfill WMSN requirements in terms of delivery reliability, attack resiliency, computational overhead and energy efficiency. This paper proposes 3R, a reliable multi-agent reinforcement learning routing protocol for WMSN. 3R uses a novel resource-conservative Reinforcement Learning (RL) model to reduce the computational overhead, along with two updating methods to speed up the algorithm convergence. The reward function is re-defined as a punishment, combining the proposed trust management system to defend against well-known dropping attacks. Furthermore, an energy model is integrated with the reward function to enhance the network lifetime and balance energy consumption across the network. The proposed energy model uses only local information to avoid the resource burdens and the security concerns of exchanging energy information. Experimental results prove the lightweightness, attacks resiliency and energy efficiency of 3R, making it a potential routing candidate for WMSN

Context-aware anomaly detector for monitoring cyber attacks on automotive CAN bus.

Automotive electronics is rapidly expanding. An average vehicle contains million lines of software codes, running on 100 of electronic control units (ECUs), in supporting number of safety, driver assistance and infotainment functions. These ECUs are networked using a Controller Area Network (CAN). Security of the CAN bus has not historically been a major concern, however, recent research demonstrate that CAN has many vulnerabilities to cyber attacks. This paper presents a contextualised anomaly detector for monitoring cyber attacks on the CAN bus. Proposed algorithm is based on message sequence modelling, using so called N-grams distributions. It utilises only benign data (one class) for training and threshold estimation. Performance of the algorithm was tested against two different attack scenarios, RPM and gear gauge messages spoofing, using data captured from a real vehicle. Experimental outcomes demonstrate that proposed algorithm is capable of detecting both attacks with 100% accuracy, using far smaller time windows (100ms) which is essential for a practically deployable automotive cyber security solution