发布求助
文献互助 智能选刊 最新文献

2023 IEEE International Conference on Cyber Security and Resilience (CSR)最新文献

筛选
英文 中文
Area-Delay Efficient Security Scheme for Smart Hospital Systems 智能医院系统的区域延迟高效安全方案
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224966
Kyriaki Tsantikidou, Dimitrios Boufeas, N. Sklavos
{"title":"Area-Delay Efficient Security Scheme for Smart Hospital Systems","authors":"Kyriaki Tsantikidou, Dimitrios Boufeas, N. Sklavos","doi":"10.1109/CSR57506.2023.10224966","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224966","url":null,"abstract":"In recent years, traditional Hospital facilities are adopting new technologies. Smart Hospitals mostly utilize the Internet of Things (loT) technology due to its vast capabilities in connectivity. This loT network requires specific protocols for proper functionality. Message Queuing Telemetry Transport (MQTT) protocol is suitable for managing the communication and routing procedures of the resource constrained loT environment. Nevertheless, both MQTT and loT have various vulnerabilities and threats that must first be addressed. In this paper, a lightweight key management procedure is analyzed, an end-to-end payload encryption method is followed, and a processor with different cryptographic mechanisms is implemented. This combination of processes best complements the E-Health-based Hospital architecture, requiring minimum resources and complete security. The proposed crypto processor efficiently implements three different cryptographic primitives in a RISC- V architecture, providing flexibility. It achieves the best area-delay compared to other hardware-based security schemes, with 61.3% resource reduction and minimum added computation overhead. This is accomplished due to proper formatting of specific instructions and a function, operation and register sharing methodology.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125115398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Privacy-preserving Federated Learning System for Fatigue Detection 保护隐私的疲劳检测联邦学习系统
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224953
Mohammadreza Mohammadi, R. Allocca, David Eklund, Rakesh Shrestha, Sima Sinaei
{"title":"Privacy-preserving Federated Learning System for Fatigue Detection","authors":"Mohammadreza Mohammadi, R. Allocca, David Eklund, Rakesh Shrestha, Sima Sinaei","doi":"10.1109/CSR57506.2023.10224953","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224953","url":null,"abstract":"Context:. Drowsiness affects the driver's cognitive abilities, which are all important for safe driving. Fatigue detection is a critical technique to avoid traffic accidents. Data sharing among vehicles can be used to optimize fatigue detection models and ensure driving safety. However, data privacy issues hinder the sharing process. To tackle these challenges, we propose a Federated Learning (FL) approach for fatigue-driving behavior monitoring. However, in the FL system, the privacy information of the drivers might be leaked. In this paper, we propose to combine the concept of differential privacy (DP) with Federated Learning for the fatigue detection application, in which artificial noise is added to parameters at the drivers' side before aggregating. This approach will ensure the privacy of drivers' data and the convergence of the federated learning algorithms. In this paper, the privacy level in the system is determined in order to achieve a balance between the noise scale and the model's accuracy. In addition, we have evaluated our models resistance against a model inversion attack. The effectiveness of the attack is measured by the Mean Squared Error (MSE) between the reconstructed data point and the training data. The proposed approach, compared to the non-DP case, has a 6% accuracy loss while decreasing the effectiveness of the attacks by increasing the MSE from 5.0 to 7.0, so a balance between accuracy and noise scale is achieved.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128186558","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Explainable Artificial Intelligence Approach for a Trustworthy Spam Detection 一种可解释的可信赖的垃圾邮件检测人工智能方法
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224956
A. Ibrahim, M. Mejri, Fehmi Jaafar
{"title":"An Explainable Artificial Intelligence Approach for a Trustworthy Spam Detection","authors":"A. Ibrahim, M. Mejri, Fehmi Jaafar","doi":"10.1109/CSR57506.2023.10224956","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224956","url":null,"abstract":"For decades, spam emails have been one of the most serious and irritating cybersecurity threats. For detecting spam emails, a variety of machine learning (ML) and deep learning (DL) approaches are used. These approaches identify spam emails in the inbox and send them to a junk folder. However, these approaches have some limitations, such as their inability to explain why an email is considered spam. The current paper introduces the X_SPAM approach by combining the machine learning technique (Random Forest) and deep learning technique (LSTM) to detect spam and uses the Explainable Artificial Intelligence technique (LIME) to increase the trustworthiness of spam detection by explaining the reason for their classification. We evaluate the proposed approach using two different datasets (LING without metadata and Enron with metadata). We found that the proposed approach has achieved a high accuracy rate for RF and LSTM at 98.13% and 99.13% respectively. Moreover, the study exhibits a visualizing manner to eliminate the black box drawback for ML and DL classifiers to increase the approach's trustworthiness.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"126 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131706351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Proactive Measures for Cyber-Physical Systems Cybersecurity 网络物理系统网络安全的主动措施
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224929
Kamal Taha
{"title":"Proactive Measures for Cyber-Physical Systems Cybersecurity","authors":"Kamal Taha","doi":"10.1109/CSR57506.2023.10224929","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224929","url":null,"abstract":"Reactive security measures for cyber-physical systems (CPS) are ineffective. It is imperative for replacing these measures with proactive ones for the sustainability of the CPS cybersecurity. We introduce a novel proactive methodology for CPS cybersecurity. We implemented this methodology in a system called CPM-CPS. The methodology is summarized as follows: (a) clustering the CPS devices with LAN-based network sharing, (b) identifying the influential devices in each cluster, and (c) identifying the central devices at the WAN level that have network sharing with the influential devices in the different clusters. The file sharing of the identified influential devices at both LAN and WAN levels needs to be paid more attention to. Such measures can help in detecting potential security risks and preventing cyber-attacks against these influential devices before they share their infected files with other devices. Security equipment like intrusion detection systems can be provided to these influential devices. We introduce in this paper novel k-clique-based modeling techniques for clustering LAN devices. We introduce novel techniques for identifying LAN and WAN influential devices using coefficient-based and Independent Cascades-based modeling techniques. We experimentally evaluated our system CPM-CPS and compared it with four methods. Results showed marked improvement.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122158819","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The Alliance of HE and TEE to Enhance their Performance and Security 高等教育学院与TEE的联盟,以提高其性能和安全性
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224999
S. D'Antonio, Giannis Lazarou, Giovanni Mazzeo, Oana Stan, Martin Zuber, Ioannis Tsavdaridis
{"title":"The Alliance of HE and TEE to Enhance their Performance and Security","authors":"S. D'Antonio, Giannis Lazarou, Giovanni Mazzeo, Oana Stan, Martin Zuber, Ioannis Tsavdaridis","doi":"10.1109/CSR57506.2023.10224999","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224999","url":null,"abstract":"While protection of data at-rest and data in-transit can be achieved using standard algorithms and technologies, the protection of data in-use is still, to a large extent, an open issue. Homomorphic Encryption (HE) and Trusted Execution Environment (TEE) are among the most popular approaches to shield computations. The former ensures high security guarantees but it suffers from a significant overhead. The latter, instead, provides lower execution time but it is affected by security drawbacks. In this paper, we propose SOTERIA, a privacy-preserving computation solution that combines HE and TEE to mitigate their limitations. The approach foresees the execution of sensitive processing with homomorphic encryption and the usage of a TEE to perform switches between different homomorphic cryptosystems. In fact, there are different kinds of computation algorithms where the co-existence of linear and non-linear functions makes the HE-based processing even more onerous. SOTERIA is developed in the context of the ENCRYPT project and will be validated in a use case of financial data processing.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126142599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Exposed: Critical Vulnerabilities in USSD Banking Authentication Protocols 暴露:美元银行认证协议中的关键漏洞
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224933
Zaynab Lamoyero, Oluwatobi Fajana
{"title":"Exposed: Critical Vulnerabilities in USSD Banking Authentication Protocols","authors":"Zaynab Lamoyero, Oluwatobi Fajana","doi":"10.1109/CSR57506.2023.10224933","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224933","url":null,"abstract":"Unstructured Supplementary Service Data (USSD) authentication has been widely adopted as a popular method for verifying user identity and securing transactions in mobile financial banking, particularly in Sub-Saharan African countries. This is due to the convenience, speed, and accessibility since they do not require high-powered computing phones, large storage, or internet connectivity. However, like every technological advancement, this has been widely exploited by malicious actors due to weak authentication requirements. This study critically examines all 19 commercial banks in Nigeria, which has the largest USSD banking usage in Sub-Saharan Africa. We analyse 30 scenarios to conduct an anatomy and build a timeline of USSD banking attacks. Furthermore, we critically but anonymously examine each USSD banking platform against several security factors selected from government guidelines, the National Institute of Standards (NIST) SP800-63B framework and the National Cyber Security Centre (NCSC) recommendations. This led to the revelation that certain services only require a single authentication, such as PIN, while others require no authentication at all. Also, most of the banks failed to comply with governmental and industrial authentication standards. Furthermore, we present a 5-phase timeline of USSD attacks and address present recommendations for different stakeholders at the various stages.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125029734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Understanding Human Factors of Cybersecurity: Drivers of Insider Threats 理解网络安全的人为因素:内部威胁的驱动因素
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224926
Marcus L. Green, Priya D. Dozier
{"title":"Understanding Human Factors of Cybersecurity: Drivers of Insider Threats","authors":"Marcus L. Green, Priya D. Dozier","doi":"10.1109/CSR57506.2023.10224926","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224926","url":null,"abstract":"As the implementation of computer systems has continued to grow, so has the number of employee-driven cyberspace infractions. Although employee malicious behaviors have continued to have detrimental effects on cybersecurity strategies, most studies have focused on technological gaps rather than human risk vulnerabilities. This grounded theory study was designed to identify human factors that drive cyberspace insider threat activities from cybersecurity experts. A literature analysis suggests a need for more qualitative studies to understand human factors of cybersecurity threats. This study's findings provide a framework to connect drivers and factors associated with insider threats through detailed themes. These six drivers lend a deeper understanding of individual, cultural, and technological influences on cyber threats. The findings also introduce connections between employee insider threat activities driven by unwitting, witting, unmalicious, and/or malicious behaviors.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"125 5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129711850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Practical Multi-Key Homomorphic Encryption for More Flexible and Efficient Secure Federated Average Aggregation 实用的多密钥同态加密,实现更灵活高效的安全联邦平均聚合
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224979
A. Pedrouzo-Ulloa, Aymen Boudguiga, Olive Chakraborty, Renaud Sirdey, Oana Stan, Martin Zuber
{"title":"Practical Multi-Key Homomorphic Encryption for More Flexible and Efficient Secure Federated Average Aggregation","authors":"A. Pedrouzo-Ulloa, Aymen Boudguiga, Olive Chakraborty, Renaud Sirdey, Oana Stan, Martin Zuber","doi":"10.1109/CSR57506.2023.10224979","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224979","url":null,"abstract":"In this work, we introduce a lightweight communication-efficient multi-key approach suitable for the Federated Averaging rule. By combining secret-key RLWE-based HE, additive secret sharing and PRFs, we reduce approximately by a half the communication cost per party when compared to the usual public-key instantiations, while keeping practical homomorphic aggregation performances. Additionally, for LWE-based instantiations, our approach reduces the communication cost per party from quadratic to linear in terms of the lattice dimension.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128237563","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
To TTP or not to TTP?: Exploiting TTPs to Improve ML-based Malware Detection TTP还是不TTP?:利用ttp改进基于ml的恶意软件检测
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10225000
Yashovardhan Sharma, Eleonora Giunchiglia, S. Birnbach, I. Martinovic
{"title":"To TTP or not to TTP?: Exploiting TTPs to Improve ML-based Malware Detection","authors":"Yashovardhan Sharma, Eleonora Giunchiglia, S. Birnbach, I. Martinovic","doi":"10.1109/CSR57506.2023.10225000","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225000","url":null,"abstract":"In the last decade, machine learning (ML) methods have increasingly been applied to the task of malware detection. While these approaches have surely demonstrated their effectiveness, they still present limitations, some of which are a consequence of their purely data-driven nature. In this paper, we show how the MITRE ATT&CK framework of tactics, techniques, and procedures (TTPs) can be exploited to overcome such limitations and improve their ability to detect malware on networks. We conduct an extensive experimental analysis, testing 7 ML models on 5 large datasets comprising over 37 million flows. Our results clearly demonstrate that adding TTP-based features for training the models robustly improves their performance. Our models outperform the standard ones 922 times out of a total of 952, (i.e., 96.8% of the time), with the biggest improvements (up to 84.9% in terms of FPR) being observed in situations designed to be challenging for ML models.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131699325","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
A Driver Detection Method by Means of Explainable Deep Learning 基于可解释深度学习的驾驶员检测方法
2023 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2023-07-31 DOI: 10.1109/CSR57506.2023.10224913
Fabio Martinelli, F. Mercaldo, A. Santone
{"title":"A Driver Detection Method by Means of Explainable Deep Learning","authors":"Fabio Martinelli, F. Mercaldo, A. Santone","doi":"10.1109/CSR57506.2023.10224913","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224913","url":null,"abstract":"The introduction of electronics in modern vehicles has sparked the inventiveness of thieves, who are always finding new ways to steal cars. With the aim to avoid vehicle theft, in this paper we propose a method aimed to continuously detect the driver when the driving session is in progress i.e., by providing a silent and continuous way to authenticate the (authorized) driver to the vehicle (and to continue to authenticate him/her while driving). We analyse a set of features extracted from the vehicle controller area network that are considered as input for several deep learning networks, aimed to discriminate between different drivers. A real-world path in Korea performed by four different drivers is used in the experimental analysis, by showing promising results: as a matter of fact, the proposed method obtains a precision equal to 0.906 and a recall of 0.887 with the MobileNet model in driver detection.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"192 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114192406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信