HIDROID: prototyping a behavioral host-based intrusion detection and prevention system for android

Previous research efforts on developing an Intrusion Detection and Prevention Systems (IDPS) for Android mobile devices rely mostly on centralized data collection and processing on a cloud server. However, this trend is characterized by two major limitations. First, it requires a continuous connection between monitored devices and the server, which might be infeasible, due to mobile network's outage or partial coverage. Second, it increases the risk of sensitive information leakage and the violation of user's privacy. To help alleviate these problems, in this paper, we develop a novel Host-based IDPS for Android (HIDROID), which runs completely on a mobile device, with a minimal computation burden. It collects data in run-time, by periodically sampling features reflecting the utilization of scarce resources on a mobile device (e.g. CPU, memory, battery, bandwidth, etc.). The detection engine exploits statistical and machine learning algorithms to build a data-driven model for the benign behavior. Any observation failing to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimize the risk. HIDROID requires no malicious data for training or tuning, which makes it handy for day-to-day usage. Experimental test results, on a real-life device, show that HIDROID is well able to learn and discriminate normal from malicious behavior, with very promising accuracy of up to 0.9, while maintaining false positive rate by 0.03

Towards a secure network architecture for smart grids in 5G era

Smart grid introduces a wealth of promising applications for upcoming fifth-generation mobile networks (5G), enabling households and utility companies to establish a two-way digital communications dialogue, which can benefit both of them. The utility can monitor real-time consumption of end users and take proper measures (e.g., real-time pricing) to shape their consumption profile or to plan enough supply to meet the foreseen demand. On the other hand, a smart home can receive real-time electricity prices and adjust its consumption to minimize its daily electricity expenditure, while meeting the energy need and the satisfaction level of the dwellers. Smart Home applications for smart phones are also a promising use case, where users can remotely control their appliances, while they are away at work or on their ways home. Although these emerging services can evidently boost the efficiency of the market and the satisfaction of the consumers, they may also introduce new attack surfaces making the grid vulnerable to financial losses or even physical damages. In this paper, we propose an architecture to secure smart grid communications incorporating an intrusion detection system, composed of distributed components collaborating with each other to detect price integrity or load alteration attacks in different segments of an advanced metering infrastructure

Security framework for the semiconductor supply chain environment

This paper proposes a security framework for secure data communications across the partners in the Semiconductor Supply Chain Environment. The security mechanisms of the proposed framework will be based on the SSL/TLS and OAuth 2.0 protocols, which are two standard security protocols. However, both protocols are vulnerable to a number of attacks, and thus more sophisticated security mechanisms based on these protocols should be designed and implemented in order to address the specific security challenges of the Semiconductor Supply Chain in a more effective and efficient manner

Towards an autonomous host-based intrusion detection system for android mobile devices

In the 5G era, mobile devices are expected to play a pivotal role in our daily life. They will provide a wide range of appealing features to enable users to access a rich set of high quality personalized services. However, at the same time, mobile devices (e.g., smartphones) will be one of the most attractive targets for future attackers in the upcoming 5G communications systems. Therefore, security mechanisms such as mobile Intrusion Detection Systems (IDSs) are essential to protect mobile devices from a plethora of known and unknown security breaches and to ensure user privacy. However, despite the fact that a lot of research effort has been placed on IDSs for mobile devices during the last decade, autonomous host-based IDS solutions for 5G mobile devices are still required to protect them in a more efficient and effective manner. Towards this direction, we propose an autonomous host-based IDS for Android mobile devices applying Machine Learning (ML) methods to inspect different features representing how the device’s resources (e.g., CPU, memory, etc.) are being used. The simulation results demonstrate a promising detection accuracy of above 85%, reaching up to 99.99%

Machine learning for DDoS attack detection in industry 4.0 CPPSs

The Fourth Industrial Revolution (Industry 4.0) has transformed factories into smart Cyber-Physical Production Systems (CPPSs), where man, product, and machine are fully interconnected across the whole supply chain. Although this digitalization brings enormous advantages through customized, transparent, and agile manufacturing, it introduces a significant number of new attack vectors—e.g., through vulnerable Internet-of-Things (IoT) nodes—that can be leveraged by attackers to launch sophisticated Distributed Denial-of-Service (DDoS) attacks threatening the availability of the production line, business services, or even the human lives. In this article, we adopt a Machine Learning (ML) approach for network anomaly detection and construct different data-driven models to detect DDoS attacks on Industry 4.0 CPPSs. Existing techniques use data either artificially synthesized or collected from Information Technology (IT) networks or small-scale lab testbeds. To address this limitation, we use network traffic data captured from a real-world semiconductor production factory. We extract 45 bidirectional network flow features and construct several labeled datasets for training and testing ML models. We investigate 11 different supervised, unsupervised, and semi-supervised algorithms and assess their performance through extensive simulations. The results show that, in terms of the detection performance, supervised algorithms outperform both unsupervised and semi-supervised ones. In particular, the Decision Tree model attains an Accuracy of 0.999 while confining the False Positive Rate to 0.001

A lightweight authentication mechanism for M2M communications in industrial IoT environment

In the emerging Industrial IoT era, Machine-to-Machine (M2M) communication technology is considered as a key underlying technology for building Industrial IoT environments where devices (e.g., sensors, actuators, gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the Industrial IoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the Industrial IoT environment. Therefore, lightweight security mechanisms are required for M2M communications in Industrial IoT in order to reach its full potential. As a step towards this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in Industrial IoT environment. The proposed mechanism is characterized by low computational cost, communication and storage overhead, while achieving mutual authentication, session key agreement, device’s identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack

Security threats in network coding-enabled mobile small cells

The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells

An autonomous privacy-preserving authentication scheme for intelligent transportation systems

Privacy-preservation is of paramount importance for the emerging Intelligent Transportation System (ITS) applications, such as traffic monitoring and road safety. These applications require regular transmission of messages among vehicles or between vehicles and backend servers. The received messages should be authenticated so that messages from malicious or malfunctioning entities can be detected and discarded. However, this requirement poses a challenge in terms of location privacy, since the user’s identity is sent in clear text in the transmitted messages, and thus it can be linked to the vehicle’s position. Cryptographic pseudonyms are advocated as computationally efficient solutions for preserving the privacy of vehicles’ location. However, pseudonym-based systems require permanent contact between vehicles and a trusted authority (TA) to periodically renew the pseudonyms. This might cause network congestion or be infeasible in some situations due to the lack or scarcity of deployed infrastructure. In this paper, we address this challenge by proposing an autonomous privacy-preserving authentication scheme, where vehicles only need to contact the TA once; afterward, they can renew their pseudonyms by themselves without communicating with the TA. To the best of our knowledge, this is the first authentication scheme providing vehicles with the capability to renew their pseudonym sets without requiring permanent contact with a TA

Performance evaluation of radio resource schedulers in LTE and 5G NR two-tier HetNets

Network performance is critically dependent on the employed radio resource scheduler (RRS). The impact becomes even more significant in 5G ultra-dense networks due to the challenges of complicated base station distribution, user association, load balancing and inter-cell interference, among others. Using a combination of three popular schedulers (i.e., round robin (RR), proportional fairness (PF) and best channel quality indicator (BCQI)), we evaluate, in this work, the performance of two-tier heterogeneous networks where the different tiers employ the same or different RRSs. Using user throughput, cell capacity and system fairness as metrics, the results show that, on one hand, the average user throughput-system fairness tradeoff favours the use of the RR-PF combination (where the macrocell tier employs RR while the small cell tier uses PF). On the other hand, the BCQI-BCQI combination produces the highest network capacity, principally from about 5-10% of the total users, thereby sacrificing fair allocation of resources among the users. The results show that there is no globally optimal RRS combination across the metrics. As the mobile network operators have the freedom to deploy schedulers as they deem fit, the RRS combination can be selected to satisfy the performance targets of the respective use cases and deployment scenarios.info:eu-repo/semantics/publishedVersio