Stefano M. Nicoletti , Marijn Peppelman , Christina Kolb , Mariëlle Stoelinga
{"title":"Model-based joint analysis of safety and security:Survey and identification of gaps","authors":"Stefano M. Nicoletti , Marijn Peppelman , Christina Kolb , Mariëlle Stoelinga","doi":"10.1016/j.cosrev.2023.100597","DOIUrl":"10.1016/j.cosrev.2023.100597","url":null,"abstract":"<div><p>We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to absence of malicious attacks. We conduct a thorough literature review and – as a result – we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) <em>Modeling capabilities and Expressiveness:</em> which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) <em>Analytical capabilities:</em> which analysis types are supported? (3) <em>Practical applicability:</em> to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modeling the same toy example from the literature and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modeling constructs from existing safety- and security-specific formalisms, without introducing <em>ad hoc</em> constructs to model safety-security interactions, or (5) metrics to analyze trade offs. Moreover, (6) large case studies representing safety-security interactions are still missing.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100597"},"PeriodicalIF":12.9,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1574013723000643/pdfft?md5=e6c1bf928918e2a341e966fad8babde0&pid=1-s2.0-S1574013723000643-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"71514355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Sibi Chakkaravarthy Sethuraman , Tharshith Goud Jadapalli , Devi Priya Vimala Sudhakaran , Saraju P. Mohanty
{"title":"Flow based containerized honeypot approach for network traffic analysis: An empirical study","authors":"Sibi Chakkaravarthy Sethuraman , Tharshith Goud Jadapalli , Devi Priya Vimala Sudhakaran , Saraju P. Mohanty","doi":"10.1016/j.cosrev.2023.100600","DOIUrl":"10.1016/j.cosrev.2023.100600","url":null,"abstract":"<div><p><span>The world of connected devices has been attributed to applications that relied upon multitude of devices to acquire and distribute data over extremely diverse networks. This caused a plethora of potential threats. In the field of IT security, the concept of digital baits, or honeypots, which are typically network components (computer systems, access points, or switches) launched to be interrogated, savaged, and impacted, is currently popular as it allows scientists to comprehend further on assault patterns and behavior. Combining the inherent modularity with the administration enabled by the container makes security management simple and permits dispersed deployments, resulting in a very dynamic system. This study delivers several contributions in this regard. First, it comprehends the patterns, methods, and </span>malware types that container honeypots deal with thus examining new developments in existing honeypot research to fill gaps in knowledge about the honeypot technology. A broad range of independently initiated and jointly conducted container honeypot strategies and studies that encompass various methodologies is surveyed. Second, using numerous use cases that aid scientific research, we address and investigate a number of challenges pertaining to container honeypots, such as identification problems, honeypot security issues, and dependability issues. Furthermore, based on our extensive honeypot research, we developed VIKRANT, a containerized research honeypot which assists researchers as well as enthusiasts in generating real-time flow data for threat intelligence. The configured approach was monitored resulting in several data points that allowed relevant conclusions about the malevolent users’ activities.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100600"},"PeriodicalIF":12.9,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"71514353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comprehensive survey on data aggregation techniques in UAV-enabled Internet of things","authors":"Asif Mahmud Raivi, Sangman Moh","doi":"10.1016/j.cosrev.2023.100599","DOIUrl":"10.1016/j.cosrev.2023.100599","url":null,"abstract":"<div><p>In recent years, unmanned aerial vehicles (UAVs) have been used to extend the Internet of things (IoT) framework owing to their vast applications, monitoring and surveillance capability, ubiquity, and mobility. To support IoT requirements, UAVs must be capable of aggregating, processing, and transmitting data in real-time basis. As not only the number of IoT devices but also the amount of data to be collected is increased, data aggregation is of great importance. Recently, the UAV can also function as a mobile edge computing server in association with aerial data aggregation. This paper is the first to survey the various aspects and techniques of UAV-based aerial data aggregation for IoT networks. After addressing key design issues, we review the existing data aggregation techniques along with possible future direction. They are then compared with each other in terms of major operational features, performance characteristics, advantages, and limitations. Open issues and research challenges are also discussed with possible solution approaches.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100599"},"PeriodicalIF":12.9,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1574013723000667/pdfft?md5=6f2cd703bc7b8c1c9010e724a3c8a10e&pid=1-s2.0-S1574013723000667-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"71514351","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Graph-based deep learning techniques for remote sensing applications: Techniques, taxonomy, and applications — A comprehensive review","authors":"Manel Khazri Khlifi , Wadii Boulila , Imed Riadh Farah","doi":"10.1016/j.cosrev.2023.100596","DOIUrl":"https://doi.org/10.1016/j.cosrev.2023.100596","url":null,"abstract":"<div><p><span><span>In the last decade, there has been a significant surge of interest in machine learning<span>, primarily driven by advancements in deep learning<span><span> (DL). DL has emerged as a powerful solution to address various challenges in numerous fields, including remote sensing (RS). Graph Deep Learning (GDL), a sub-field of DL, has recently gained increasing attention in the RS community. Tasks in RS requiring detailed information about the relationships between image/scene features are particularly well-suited for GDL. This study examines the notion of GDL and its recent developments in RS-related fields. An extensive survey of the current state-of-the-art in GDL is presented in this paper, with a specific emphasis on five established graph learning techniques: Graph Convolutional Networks (GCNs), Graph </span>Attention Networks<span> (GATs), Graph Recurrent Neural Networks (GRNNs), Graph Auto-encoders (GAEs), and Graph </span></span></span></span>Generative Adversarial Networks (GGANs). A taxonomy is proposed based on the </span>input data type (dynamic or static) or task being considered. Several promising research directions for GDL in RS are suggested in this paper to foster productive collaborations between the two domains. To the best of our knowledge, this study is the first to provide a comprehensive review that focuses on graph deep learning in remote sensing.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100596"},"PeriodicalIF":12.9,"publicationDate":"2023-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49739147","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Asynchronous federated learning on heterogeneous devices: A survey","authors":"Chenhao Xu , Youyang Qu , Yong Xiang , Longxiang Gao","doi":"10.1016/j.cosrev.2023.100595","DOIUrl":"https://doi.org/10.1016/j.cosrev.2023.100595","url":null,"abstract":"<div><p>Federated learning (FL) is a kind of distributed machine learning framework, where the global model is generated on the centralized aggregation server based on the parameters of local models, addressing concerns about privacy leakage caused by the collection of local training data. With the growing computational and communication capacities of edge and IoT devices, applying FL on heterogeneous devices to train machine learning models is becoming a prevailing trend. Nonetheless, the synchronous aggregation strategy in the classic FL paradigm, particularly on heterogeneous devices, encounters limitations in resource utilization due to the need to wait for slow devices before aggregation in each training round. Furthermore, the uneven distribution of data across devices (i.e. data heterogeneity) in real-world scenarios adversely impacts the accuracy of the global model. Consequently, many asynchronous FL (AFL) approaches have been introduced across various application contexts to enhance efficiency, performance, privacy, and security. This survey comprehensively analyzes and summarizes existing AFL variations using a novel classification scheme, including device heterogeneity, data heterogeneity, privacy, and security on heterogeneous devices, as well as applications on heterogeneous devices. Finally, this survey reveals rising challenges and presents potentially promising research directions in this under-investigated domain.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100595"},"PeriodicalIF":12.9,"publicationDate":"2023-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49738884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ruiyun Yu , Ann Move Oguti , Mohammad S. Obaidat , Shuchen Li , Pengfei Wang , Kuei-Fang Hsiao
{"title":"Blockchain-based solutions for mobile crowdsensing: A comprehensive survey","authors":"Ruiyun Yu , Ann Move Oguti , Mohammad S. Obaidat , Shuchen Li , Pengfei Wang , Kuei-Fang Hsiao","doi":"10.1016/j.cosrev.2023.100589","DOIUrl":"https://doi.org/10.1016/j.cosrev.2023.100589","url":null,"abstract":"<div><p>Mobile crowdsensing (MCS) is an emerging data-driven paradigm that leverages the collective intelligence<span> of the crowd, their mobility, and the crowd-companioned smart mobile devices<span><span> embedded with powerful sensors to acquire information from the physical environment for crowd intelligence extraction and human-centric service delivery. However, existing MCS systems operate in a centralized manner, giving rise to several challenges, including privacy, security, incentives, and dependence on a central service provider. Blockchain<span> is a novel application paradigm that incorporates point-to-point transmission, consensus mechanisms, cryptography, intelligent contracts, </span></span>distributed data storage<span><span>, and other computing technologies, creating a shift from the current centralized paradigm to a decentralized paradigm. Nonetheless, the convergence of MCS and blockchains necessitates addressing numerous fundamental challenges arising from their merger. This paper examines the major issues facing MCS systems and blockchain’s potential role in addressing them. We present the MCS-blockchain integrated deployment strategies, </span>architectural designs, and core blockchain technology principles that contribute significantly to the performance of blockchain-based MCS applications. Additionally, the advancement of blockchain technology and its impact on MCS system security and performance requirements are investigated. Finally, we highlight current research gaps and future research opportunities that may inspire the deployment of novel blockchain-based MCS systems.</span></span></span></p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100589"},"PeriodicalIF":12.9,"publicationDate":"2023-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49739211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Asad Ali , Inaam Ilahi , Adnan Qayyum , Ihab Mohammed , Ala Al-Fuqaha , Junaid Qadir
{"title":"A systematic review of federated learning incentive mechanisms and associated security challenges","authors":"Asad Ali , Inaam Ilahi , Adnan Qayyum , Ihab Mohammed , Ala Al-Fuqaha , Junaid Qadir","doi":"10.1016/j.cosrev.2023.100593","DOIUrl":"https://doi.org/10.1016/j.cosrev.2023.100593","url":null,"abstract":"<div><p>In response to various privacy risks, researchers and practitioners have been exploring different paradigms that can leverage the increased computational capabilities of consumer devices to train machine learning<span> (ML) models in a distributed fashion without requiring the uploading of the training data from individual devices to central facilities. For this purpose, federated learning (FL) was proposed as a technique that can learn a global machine model at a central master node by the aggregation of models trained locally using private data. However, organizations may be reluctant to train models locally and to share these local ML models due to the required computational resources for model training at their end and due to privacy risks that may result from adversaries inverting these models to infer information about the private training data. Incentive mechanisms have been proposed to motivate end users to participate in collaborative training of ML models (using their local data) in return for certain rewards. However, the design of an optimal incentive mechanism for FL is challenging due to its distributed nature and the fact that the central server has no access to clients’ hyperparameters information and the amount/quality data used for training, which makes the task of determining the reward based on the contribution of individual clients in FL environment difficult. Even though several incentive mechanisms have been proposed for FL, a thorough up-to-date systematic review is missing and this paper fills this gap. To the best of our knowledge, this paper is the first systematic review that comprehensively enlists the design principles required for implementing these incentive mechanisms and then categorizes various incentive mechanisms according to their design principles. In addition, we also provide a comprehensive overview of security challenges associated with incentive-driven FL. Finally, we highlight the limitations and pitfalls of these incentive schemes and elaborate upon open-research issues that require further research attention.</span></p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100593"},"PeriodicalIF":12.9,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49739207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises","authors":"Sunil Chaudhary , Vasileios Gkioulos , Sokratis Katsikas","doi":"10.1016/j.cosrev.2023.100592","DOIUrl":"https://doi.org/10.1016/j.cosrev.2023.100592","url":null,"abstract":"<div><p>The proliferation of information and communication technologies in enterprises enables them to develop new business models and enhance their operational and commercial activities. Nevertheless, this practice also introduces new cybersecurity risks and vulnerabilities. This may not be an issue for large organizations with the resources and mature cybersecurity programs in place; the situation with small and medium-sized enterprises (SMEs) is different since they often lack the resources, expertise, and incentives to prioritize cybersecurity. In such cases, cybersecurity awareness can be a critical component of cyberdefense. However, research studies dealing with cybersecurity awareness or related domains exclusively for SMEs are rare, indicating a pressing need for research addressing the cybersecurity awareness requirements of SMEs.</p><p>Prior to that, though, it is crucial to identify which aspects of cybersecurity awareness require further research in order to adapt or conform to the needs of SMEs. In this study, we conducted a systematic literature review that focused on cybersecurity awareness, prioritizing those performed with a particular focus on SMEs. The study seeks to analyze and evaluate such studies primarily to determine knowledge and research gaps in the cybersecurity awareness field for SMEs, thus providing a direction for future research.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100592"},"PeriodicalIF":12.9,"publicationDate":"2023-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49739189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Comprehensive review of ‘Internet of Healthcare Things’: Networking aspects, technologies, services, applications, challenges, and security concerns","authors":"Himanshu Verma , Naveen Chauhan , Lalit Kumar Awasthi","doi":"10.1016/j.cosrev.2023.100591","DOIUrl":"10.1016/j.cosrev.2023.100591","url":null,"abstract":"<div><p><span><span>The Internet of Things (IoT) is a smart, internet-connected, and omnipresent network. Healthcare is one of the most critical sectors that could benefit from IoT technology. In the medical sphere, the rise of the IoT transforms traditional </span>healthcare services by encouraging technological, social, and economic factors. This study rigorously analyzes various aspects of the </span><em>Internet of Healthcare Things (IoHT)</em>, such as networking terminology, enabling communication technologies, services, applications, implementation issues, research challenges, and security-related concerns. Communication techniques under licensed and unlicensed spectra are extensively investigated and compared on various identified parameters for short- and long-range connectivity. The aforementioned aspects thoroughly review the operational and implementation roles of enabling technology. Following a rigorous analysis, multiple research issues and challenges are identified and discussed, along with recommendations to address them. After that, several IoHT services and applications are highlighted and reviewed with a comparative analysis regarding enabling technologies. Additionally, essential security and privacy concerns, along with probable threats and attacks related to the Internet of Healthcare Things, are mentioned in this work. Finally, this paper also emphasizes the future directions of the IoHT domain.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100591"},"PeriodicalIF":12.9,"publicationDate":"2023-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44660637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Uncertainty in runtime verification: A survey","authors":"Rania Taleb , Sylvain Hallé , Raphaël Khoury","doi":"10.1016/j.cosrev.2023.100594","DOIUrl":"10.1016/j.cosrev.2023.100594","url":null,"abstract":"<div><p>Runtime Verification can be defined as a collection of formal methods for studying the dynamic evaluation of execution traces against formal specifications. Aside from creating a monitor from specifications and building algorithms for the evaluation of the trace, the process of gathering events and making them available for the monitor and the communication between the system under analysis and the monitor are critical and important steps in the runtime verification process. In many situations and for a variety of reasons, the event trace could be incomplete or could contain imprecise events. When a missing or ambiguous event is detected, the monitor may be unable to deliver a sound verdict. In this survey, we review the literature dealing with the problem of monitoring with incomplete traces. We list the different causes of uncertainty that have been identified, and analyze their effect on the monitoring process. We identify and compare the different methods that have been proposed to perform monitoring on such traces, highlighting the advantages and drawbacks of each method.</p></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"50 ","pages":"Article 100594"},"PeriodicalIF":12.9,"publicationDate":"2023-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46060737","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}