53 research outputs found

    A combinatorial model of malware diffusion via Bluetooth connections

    We outline here the mathematical expression of a diffusion model for cellphone malware transmitted through Bluetooth channels. In particular, we provide the deterministic formula underlying the proposed infection model, in its equivalent recursive (simple but computationally heavy) and closed form (more complex but efficiently computable) expression. Comment: In press on PlosON

    A novel hybrid methodology to secure GOOSE messages against cyberattacks in smart grids

    IEC 61850 is emerging as a popular communication standard for smart grids. Standardized communication in smart grids has an unwanted consequence of higher vulnerability to cyber-attacks. Attackers exploit the standardized semantics of the communication protocols to launch different types of attacks such as false data injection (FDI) attacks. Hence, there is a need to develop a cybersecurity testbed and novel mitigation strategies to study the impact of attacks and mitigate them. This paper presents a testbed and methodology to simulate FDI attacks on the IEC 61850 standard compliant Generic Object-Oriented Substation Events (GOOSE) protocol using a real time digital simulator (RTDS) together with open-source tools such as Snort and Wireshark. Furthermore, a novel hybrid cybersecurity solution by the name of sequence content resolver is proposed to counter such attacks on the GOOSE protocol in smart grids. Utilizing the developed testbed, FDI attacks in the form of replay and masquerade attacks on are launched and the impact of attacks on the electrical side is studied. Finally, the proposed hybrid cybersecurity solution is implemented with the developed testbed and its effectiveness is demonstrated.

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management.

    Fault diagnosis for uncertain networked systems

    Fault diagnosis has been at the forefront of technological developments for several decades. Recent advances in many engineering fields have led to the networked interconnection of various systems. The increased complexity of modern systems leads to a larger number of sources of uncertainty which must be taken into consideration and addressed properly in the design of monitoring and fault diagnosis architectures. This chapter reviews a model-based distributed fault diagnosis approach for uncertain nonlinear large-scale networked systems to specifically address: (a) the presence of measurement noise by devising a filtering scheme for dampening the effect of noise; (b) the modeling of uncertainty by developing an adaptive learning scheme; (c) the uncertainty issues emerging when considering networked systems such as the presence of delays and packet dropouts in the communication networks. The proposed architecture considers in an integrated way the various components of complex distributed systems such as the physical environment, the sensor level, the fault diagnosers, and the communication networks. Finally, some actions taken after the detection of a fault, such as the identification of the fault location and its magnitude or the learning of the fault function, are illustrated

    A novel privacy preserving user identification approach for network traffic

    The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address, as this is the only characteristic available. More typically, however, investigators are not actually interested in the IP address but rather the associated user (whose account might have been compromised). However, given the range of devices (e.g., laptop, mobile, and tablet) that a user might be using and the widespread use of DHCP, IP is not a reliable and consistent means of understanding the traffic from a user. This paper presents a novel approach to the identification of users from network traffic using only the meta-data of the traffic (i.e. rather than payload) and the creation of application-level user interactions, which are proven to provide a far richer discriminatory feature set to enable more reliable identity verification. A study involving data collected from 46 users over a two-month period, which generated over 112 GBs of meta-data traffic, was undertaken to examine the novel user-interaction based feature extraction algorithm. On an individual application basis, the approach can achieve recognition rates of 90%, with some users experiencing recognition performance of 100%. The consequence of this recognition is an enormous reduction in the volume of traffic an investigator has to analyse, allowing them to focus upon a particular suspect or enabling them to disregard traffic and focus upon what is left.

    Wireless Malware Propagation: A Reality Check

    No full text