Internet of Things: Evolution and technologies from a security perspective
Internet of Things: Evolution and technologies from a security perspective - 2020
In recent years, IoT has developed into many areas of life including smart homes, smart cities, agriculture, offices, and workplaces. Everyday physical items such as lights, locks and industrial machineries can now be part of the IoT ecosystem. IoT has redefined the management of critical and non-critical systems with the aim of making our lives more safe, efficient and comfortable. As a result, IoT technology is having a huge positive impact on our lives. However, in addition to these positives, IoT systems have also attracted negative attention from malicious users who aim to infiltrate weaknesses within IoT systems for their own gain, referred to as cyber security attacks. By creating an introduction to IoT, this paper seeks to highlight IoT cyber security vulnerabilities and mitigation techniques to the reader. The paper is suitable for developers, practitioners, and academics, particularly from fields such as computer networking, information or communication technology or electronics. The paper begins by introducing IoT as the culmination of two hundred years of evolution within communication technologies. Around 2014, IoT reached consumers, early products were mostly small closed IoT networks, followed by large networks such as smart cities, and continuing to evolve into Next Generation Internet; internet systems which incorporate human values. Following this evolutionary introduction, IoT architectures are compared and some of the technologies that are part of each architectural layer are introduced. Security threats within each architectural layer and some mitigation strategies are discussed, finally, the paper concludes with some future developments.
Keywords: IoT | Internet of Things | Security | Cyber security | Secure by Design | Next Generation Internet | Smart city | Sustainable city | Energy reduction | Building Energy Management Systems
A semantic-based methodology for digital forensics analysis
A semantic-based method for digital forensics analysis - 2020
Nowadays, more than ever, digital forensics activities are involved in any criminal, civil or military investigation and represent a fundamental tool to support cyber-security. Investigators use a variety of techniques and proprietary software forensics applications to examine the copy of digital devices, searching hidden, deleted, encrypted, or damaged files or folders. Any evidence found is carefully analysed and documented in a "finding report" in preparation for legal proceedings that involve discovery, depositions, or actual litigation. The aim is to discover and analyse patterns of fraudulent activities. In this work, a new methodology is proposed to support investigators during the analysis process, correlating evidence found through different forensics tools. The methodology was implemented through a system able to add semantic assertion to data generated by forensics tools during extraction processes. These assertions enable more effective access to relevant information and enhanced retrieval and reasoning capabilities.
Keywords: Digital forensics | Text analysis | Log analysis | Correlation | Cybersecurity
A multi-layered blockchain framework for smart mobility datamarkets
A multi-layered blockchain framework for a smart mobility database - 2019
Blockchain has the potential to render the transaction of information more secure and transparent. Nowadays, transportation data are shared across multiple entities using heterogeneous mediums, from paper collected data to smartphone. Most of this data are stored in central servers that are susceptible to hacks. In some cases shady actors who may have access to such sources, share the mobility data with unwanted third parties. A multi-layered Blockchain framework for Smart Mobility Data-market (BSMD) is presented for addressing the associated privacy, security, management, and scalability challenges. Each participant shares their encrypted data to the blockchain network and can transact information with other participants as long as both parties agree to the transaction rules issued by the owner of the data. Data ownership, transparency, auditability and access control are the core principles of the proposed blockchain for smart mobility data-market. In a case study of real-time mobility data sharing, we demonstrate the performance of BSMD on a 370 nodes blockchain running on heterogeneous and geographically separated devices communicating on a physical network. We also demonstrate how BSMD ensures the cybersecurity and privacy of individual by safeguarding against spoofing and message interception attacks and providing information access management control.
Keywords: Blockchain | Privacy | Cybersecurity | Mobility | Big Data
Snatched secrets: Cybercrime and trade secrets modelling a firms decision to report a theft of trade secrets
Snatched secrets: Cybercrime and trade secrets, modelling a firm's decision to report a theft of trade secrets - 2019
Cybercrime and economic espionage are increasing problems for firms. We build on US FBI policy to frame the interaction between a cybercrime victim firm and a government security agency. We bring together several strands in the literature to model the strategies of the firm, which has suffered a cyber breach and theft of trade secrets, and the government security agency, which must investigate and prosecute crimes. We investigate the interactions between these two players, in which the firm has private information about its cybersecurity investment. This investment level is unknown to the security agency, which must nonetheless decide how to prioritize reported crime. We model this asymmetric information problem within a game theoretic signaling framework derived from Becker’s work in crime and punishment. We suggest that such a framework can inform policy to encourage security investments by firms and more efficient resource utilization by security agencies. We particularly focus on an illustrative stylized example to highlight how our modelling approach can be helpful. In this example we compare two worlds; one where all security breaches become public knowledge and another where only reported breaches become public knowledge. We then formulate two potentially testable Hypotheses and several implications of these Hypotheses. Case studies and a policy analysis further highlight how our framework plays out in reality.
Keywords: Cyber security | Cybercrime | Trade secrets | Economic espionage | Cyber breaches
Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches
Attack and anomaly detection in IoT sensors in IoT sites using machine learning methods - 2019
Attack and anomaly detection in the Internet of Things (IoT) infrastructure is a rising concern in the domain of IoT. With the increased use of IoT infrastructure in every domain, threats and attacks in these infrastructures are also growing commensurately. Denial of Service, Data Type Probing, Malicious Control, Malicious Operation, Scan, Spying and Wrong Setup are such attacks and anomalies which can cause an IoT system failure. In this paper, performances of several machine learning models have been compared to predict attacks and anomalies on the IoT systems accurately. The machine learning (ML) algorithms that have been used here are Logistic Regression (LR), Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), and Artificial Neural Network (ANN). The evaluation metrics used in the comparison of performance are accuracy, precision, recall, f1 score, and area under the Receiver Operating Characteristic Curve. The system obtained 99.4% test accuracy for Decision Tree, Random Forest, and ANN. Though these techniques have the same accuracy, other metrics prove that Random Forest performs comparatively better.
Keywords: Internet of Things (IoT) | Machine Learning | Cybersecurity | Anomaly detection
A survey on cybersecurity, data privacy, and policy issues in cyber-physical system deployments in smart cities
A survey of cybersecurity, data privacy, and policy issues in cyber-physical system deployment in smart cities - 2019
Deployments of Cyber Physical Systems (CPSs) in smart cities are poised to significantly improve healthcare, transportation services, utilities, safety, and environmental health. However, these efficiencies and service improvements will come at a price: increased vulnerability and risk. Smart city deployments have already begun to proliferate, as have the upsides, efficiencies, and cost-savings they can facilitate. There are, however, proliferating challenges and costs as well. These challenges include important technical questions, but equally important policy and organizational questions. It is important to understand that these policy and technical implementation hurdles are perhaps equally likely to slow or disable smart city implementation efforts. In this paper, a survey of the theoretical and practical challenges and opportunities are enumerated not only in terms of their technical aspects, but also in terms of policy and governance issues of concern.
Keywords: Smart cities | Cyber security | Government policy making | Cryptography | Security and privacy | Authentication
Friction, snake oil, and weird countries: Cybersecurity systems could deepen global inequality through regional blocking
Friction, snake oil, and weird countries: Cybersecurity systems can reinforce global inequality through regional blocking - 2019
In this moment of rising nationalism worldwide, governments, civil society groups, transnational companies, and web users all complain of increasing regional fragmentation online. While prior work in this area has primarily focused on issues of government censorship and regulatory compliance, we use an inductive and qualitative approach to examine targeted blocking by corporate entities of entire regions motivated by concerns about fraud, abuse, and theft. Through participant-observation at relevant events and intensive interviews with experts, we document the quest by professionals tasked with preserving online security to use new machine-learning based techniques to develop a "fairer" system to determine patterns of "good" and "bad" usage. However, we argue that without understanding the systematic social and political conditions that produce differential behaviors online, these systems may continue to embed unequal treatments, and troublingly may further disguise such discrimination behind more complex and less transparent automated assessment. In order to support this claim, we analyze how current forms of regional blocking incentivize users in blocked regions to behave in ways that are commonly flagged as problematic by dominant security and identification systems. To realize truly global, non-Eurocentric cybersecurity techniques would mean incorporating the ecosystems of service utilization developed by marginalized users rather than reasserting norms of an imagined (Western) user that casts aberrations as suspect.
Keywords: Regional blocking | machine learning | classification | inequality | discrimination | security
A cybercrime incident architecture with adaptive response policy
A cyber incident architecture with adaptive response policy - 2019
Handling and mitigating the cybercrime incidents (CIs) have attracted significant research attention, over the last years, due to their increasing frequency of occurrence. However, the term cybercrime is often used interchangeably with other technology-linked malicious acts, such as cyberwarfare, and cyberterrorism, leading to misconceptions. In addition, there does not exist a management framework which would classify CIs, qualitatively and quantitatively evaluate their occurrence and promptly align them with appropriate measures and policies. This work introduces a Cybercrime Incident Architecture that enables a comprehensive cybercrime embodiment through feature identification, offence classification mechanisms, threats’ severity labeling and a completely novel Adaptive Response Policy (ARP) that identifies and interconnects the relevant stakeholders with preventive measures and response actions. The proposed architecture consists of four separate complementary components that lead to a manually – and in the future automatically – generated ARP. The idea is to build a holistic framework toward automated cybercrime handling. A criminal case study is selected to validate the introduced framework and highlight its potentiality to evolve into a CI expert system.
Keywords: Cybercrime incident | Offence classification system | Cyber-security | Threat severity | Security and privacy | Investigation techniques | Social engineering attacks | Malware/spyware crime
Deep Learning Clusters in the Cognitive Packet Network
Deep learning clusters in the cognitive packet network - 2019
The Cognitive Packet Network (CPN) bases its routing decisions and flow control on the Random Neural Network (RNN) Reinforcement Learning algorithm; this paper proposes the addition of a Deep Learning (DL) Cluster management structure to the CPN for Quality of Service metrics (Delay Loss and Bandwidth), Cyber Security keys (User, Packet and Node) and Management decisions (QoS, Cyber and CEO). The RNN already models how neurons transmit information using positive and negative impulsive signals whereas the proposed additional Deep Learning structure emulates the way the brain learns and takes decisions; this paper presents a brain model as the combination of both learning algorithms, RNN and DL. The proposed model has been simulated under different network sizes and scenarios and it has been validated against the CPN itself without DL clusters. The simulation results are promising; the presented CPN with DL clusters as a mechanism to transmit, learn and make packet routing decisions is a step closer to emulate the way the brain transmits information, learns the environment and takes decisions.
Keywords: Random Neural Network | Deep Learning Clusters | Cognitive Packet Network | QoS | Cybersecurity | Routing
Cyber-attack detection in SCADA systems using temporal pattern recognition techniques
Cyber-attack detection in SCADA systems using temporal pattern recognition techniques - 2019
Critical infrastructures crucial to our modern life, such as electricity grids and water pumps, are controlled by Supervisory Control and Data Acquisition (SCADA) systems. Over the last two decades, connecting critical infrastructures to the Internet has become essential due to performance and commercial needs. The combination of Internet connections to systems with little if any security features and the fact that security by obscurity is not working anymore, has moved the topic of SCADA security into the forefront in the last few years. To address these challenges, in this paper we propose cyber-attack detection techniques based on temporal pattern recognition. Temporal pattern recognition methods do not only look for anomalies in the data transferred by the SCADA components over the network but also look for anomalies that can occur by misusing legitimate commands such that unauthorized and incorrect time intervals between them may cripple the system. Specifically, we propose two algorithms based on Hidden Markov Models (HMM) and Artificial Neural Networks (ANN). We evaluate the algorithms on real and simulated SCADA data with five different feature extraction methods; in each method, the algorithms consider different aspects of the raw data. The results show that temporal pattern recognition methods, especially those based on time feature extraction, can detect cyber-attacks, including those that involve legitimate functions, which are known in the literature as hard to detect.
Keywords: Cyber-attack detection | SCADA systems | Pattern recognition | Cyber-physical security | Data-driven