با سلام خدمت کاربران در صورتی که با خطای سیستم پرداخت بانکی مواجه شدید از طریق کارت به کارت (6037997535328901 بانک ملی ناصر خنجری ) مقاله خود را دریافت کنید (تا مشکل رفع گردد).
ردیف | عنوان | نوع |
---|---|---|
1 |
A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions
بررسی جامع تشخیص حملات سایبری: مجموعه دادهها، روشها، چالش ها و جهتگیریهای تحقیقاتی آینده-2022 Rapid developments in network technologies and the amount and scope of data transferred on networks
are increasing day by day. Depending on this situation, the density and complexity of cyber threats
and attacks are also expanding. The ever-increasing network density makes it difficult for cybersecurity professionals to monitor every movement on the network. More frequent and complex cyberattacks make the detection and identification of anomalies in network events more complex. Machine
learning offers various tools and techniques for automating the detection of cyber attacks and for
rapid prediction and analysis of attack types. This study discusses the approaches to machine learning
methods used to detect attacks. We examined the detection, classification, clustering, and analysis of
anomalies in network traffic. We gave the cyber-security focus, machine learning methods, and data
sets used in each study we examined. We investigated which feature selection or dimension reduction
method was applied to the data sets used in the studies. We presented in detail the types of classification
carried out in these studies, which methods were compared with other methods, the performance
metrics used, and the results obtained in tables. We examined the data sets of network attacks presented
as open access. We suggested a basic taxonomy for cyber attacks. Finally, we discussed the difficulties
encountered in machine learning applications used in network attacks and their solutions
Keywords: Cyber attacks | Machine learning | Deep learning | Geometric deep learning | Cyber security | Adversarial machine learning | Intrusion detection |
مقاله انگلیسی |
2 |
Advanced digital forensics and anti-digital forensics for IoT systems: Techniques, limitations and recommendations
پزشکی قانونی دیجیتال پیشرفته و پزشکی قانونی ضد دیجیتال برای سیستم های اینترنت اشیا: تکنیک ها، محدودیت ها و توصیه ها-2022 Recently, the number of cyber attacks against IoT domains has increased tremendously. This
resulted into both human and financial losses at all IoT levels especially individual and
organization levels. Recently, cyber-criminals have kept on leveraging new skills and capabilities
by conducting anti-forensics activities and employing techniques and tools to cover their tracks
to evade any possible detection of the attack’s events, which has targeted either the IoT system
or/and its component(s). Consequently, IoT cyber-attacks are becoming more efficient and more
sophisticated with higher risks and threat levels based on their more frequent likelihood to occur
and their impact. However, traditional security and forensics solutions are no longer enough
to prevent nor investigate such cyber attacks, especially in terms of acquiring evidence for
attack investigation. Hence, the need for well-defined, sophisticated, and advanced forensics
investigation techniques is highly required to prevent anti-forensics techniques and track down
cyber criminals. This paper reviews the different forensics and anti-forensics methods that
can be applied in the IoT domain including tools, techniques, types, and challenges, while
also discussing the rise of the anti-anti-forensics as a new forensics protection mechanism
against anti-forensics activities. This would help forensics investigators to better understand
the different anti-forensics tools, methods and techniques that cyber criminals employ while
launching their attacks. Moreover, the limitations of the current forensics techniques are
discussed, especially in terms of issues and challenges. Finally, this paper presents a holistic view
from a literature point of view over the forensics domain in general and for IoT in particular.
Keywords: IoT digital-forensics | IoT anti-forensics | Anti-anti-forensics techniques | Counter anti-forensics | Internet of things forensics | Internet of Forensics Things | IoT digital forensics investigation | IoT source of evidences | Protecting and preserving IoT evidences |
مقاله انگلیسی |
3 |
Problems of Poison: New Paradigms and "Agreed" Competition in the Era of AI-Enabled Cyber Operations
مسئله سم: پارادایم های جدید و رقابت "توافق شده" در عصر عملیات سایبری با هوش مصنوعی-2020 Few developments seem as poised to alter the characteristics of security in
the digital age as the advent of artificial intelligence (AI) technologies. For national
defense establishments, the emergence of AI techniques is particularly worrisome,
not least because prototype applications already exist. Cyber attacks augmented by
AI portend the tailored manipulation of human vectors within the attack surface of
important societal systems at great scale, as well as opportunities for calamity resulting
from the secondment of technical skill from the hacker to the algorithm. Arguably
most important, however, is the fact that AI-enabled cyber campaigns contain great
potential for operational obfuscation and strategic misdirection. At the operational
level, techniques for piggybacking onto routine activities and for adaptive evasion of
security protocols add uncertainty, complicating the defensive mission particularly
where adversarial learning tools are employed in offense. Strategically, AI-enabled
cyber operations offer distinct attempts to persistently shape the spectrum of cyber
contention may be able to pursue conflict outcomes beyond the expected scope of
adversary operation. On the other, AI-augmented cyber defenses incorporated into
national defense postures are likely to be vulnerable to “poisoning” attacks that
predict, manipulate and subvert the functionality of defensive algorithms. This article
takes on two primary tasks. First, it considers and categorizes the primary ways in
which AI technologies are likely to augment offensive cyber operations, including the
shape of cyber activities designed to target AI systems. Then, it frames a discussion
of implications for deterrence in cyberspace by referring to the policy of persistent engagement, agreed competition and forward defense promulgated in 2018 by the United States. Here, it is argued that the centrality of cyberspace to the deployment
and operation of soon-to-be-ubiquitous AI systems implies new motivations for
operation within the domain, complicating numerous assumptions that underlie
current approaches. In particular, AI cyber operations pose unique measurement
issues for the policy regime. Keywords: deterrence | persistent engagement | cyber | AI | machine learning |
مقاله انگلیسی |
4 |
Hacking the AI - the Next Generation of Hijacked Systems
هک کردن هوش مصنوعی - نسل بعدی سیستم های ربوده شده-2020 Within the next decade, the need for automation, intelligent data handling
and pre-processing is expected to increase in order to cope with the vast amount of
information generated by a heavily connected and digitalised world. Over the past
decades, modern computer networks, infrastructures and digital devices have grown
in both complexity and interconnectivity. Cyber security personnel protecting these
assets have been confronted with increasing attack surfaces and advancing attack
patterns. In order to manage this, cyber defence methods began to rely on automation
and (artificial) intelligence supporting the work of humans. However, machine learning
(ML) and artificial intelligence (AI) supported methods have not only been integrated
in network monitoring and endpoint security products but are almost omnipresent in
any application involving constant monitoring, complex or large volumes of data.
Intelligent IDS, automated cyber defence, network monitoring and surveillance as
well as secure software development and orchestration are all examples of assets that
are reliant on ML and automation. These applications are of considerable interest to
malicious actors due to their importance to society. Furthermore, ML and AI methods
are also used in audio-visual systems utilised by digital assistants, autonomous
vehicles, face-recognition applications and many others. Successful attack vectors
targeting the AI of audio-visual systems have already been reported. These attacks
range from requiring little technical knowledge to complex attacks hijacking the
underlying AI. With the increasing dependence of society on ML and AI, we must prepare for the
next generation of cyber attacks being directed against these areas. Attacking a system
through its learning and automation methods allows attackers to severely damage the
system, while at the same time allowing them to operate covertly. The combination of being inherently hidden through the manipulation made, its devastating impact
and the wide unawareness of AI and ML vulnerabilities make attack vectors against
AI and ML highly favourable for malicious operators. Furthermore, AI systems
tend to be difficult to analyse post-incident as well as to monitor during operations.
Discriminating a compromised from an uncompromised AI in real-time is still
considered difficult.
In this paper, we report on the state of the art of attack patterns directed against AI
and ML methods. We derive and discuss the attack surface of prominent learning
mechanisms utilised in AI systems. We conclude with an analysis of the implications
of AI and ML attacks for the next decade of cyber conflicts as well as mitigations
strategies and their limitations. Keywords: AI hijacking | artificial intelligence | machine learning | cyber attack | cyber security |
مقاله انگلیسی |
5 |
Intelligent conditional collaborative private data sharing
به اشتراک گذاری داده های خصوصی شرطی هوشمند-2019 With the advent of distributed systems, secure and privacy-preserving data sharing between different
entities (individuals or organizations) becomes a challenging issue. There are several real-world scenarios
in which different entities are willing to share their private data only under certain circumstances, such
as sharing the system logs when there is indications of cyber attack in order to provide cyber threat
intelligence. Therefore, over the past few years, several researchers proposed solutions for collaborative
data sharing, mostly based on existing cryptographic algorithms. However, the existing approaches are
not appropriate for conditional data sharing, i.e., sharing the data if and only if a pre-defined condition is
satisfied due to the occurrence of an event. Moreover, in case the existing solutions are used in conditional
data sharing scenarios, the shared secret will be revealed to all parties and re-keying process is necessary.
In this work, in order to address the aforementioned challenges, we propose, a ‘‘conditional collaborative
private data sharing’’ protocol based on Identity-Based Encryption and Threshold Secret Sharing schemes.
In our proposed approach, the condition based on which the encrypted data will be revealed to the
collaborating parties (or a central entity) could be of two types: (i) threshold, or (ii) pre-defined policy.
Supported by thorough analytical and experimental analysis, we show the effectiveness and performance
of our proposal. |
مقاله انگلیسی |
6 |
Privacy-friendly platform for healthcare data in cloud based on blockchain environment
بسترهای سازگار با حریم خصوصی برای داده های بهداشت و درمان در ابر مبتنی بر محیط بلاکچین-2019 Data in cloud has always been a point of attraction for the cyber attackers. Nowadays healthcare data in
cloud has become their new interest. Attacks on these healthcare data can result in annihilating consequences
for the healthcare organizations. Decentralization of these cloud data can minimize the effect
of attacks. Storing and running computation on sensitive private healthcare data in cloud are possible
by decentralization which is enabled by peer to peer (P2P) network. By leveraging the decentralized or
distributed property, blockchain technology ensures the accountability and integrity. Different solutions
have been proposed to control the effect of attacks using decentralized approach but these solutions
somehow failed to ensure overall privacy of patient centric systems. In this paper, we present a patient
centric healthcare data management system using blockchain technology as storage which helps to attain
privacy. Cryptographic functions are used to encrypt patient’s data and to ensure pseudonymity. We
analyze the data processing procedures and also the cost effectiveness of the smart contracts used in
our system. Keywords: Blockchain | Decentralization | Healthcare data in cloud | Pseudonymity | Privacy | Security | Smart contract |
مقاله انگلیسی |
7 |
Big Data Mining of Users Energy Consumption Patterns in the Wireless Smart Grid
کاوش داده های بزرگ الگوهای مصرف انرژی کاربران در شبکه هوشمند بی سیم-2018 A growing number of utility companies are starting to use cellular wireless networks to transmit data in the smart grid. Consequently, millions of users daily energy consumption data are sent by wireless smart meters. However, the broadcast transfer manner of wireless communication makes it naturally vulnerable to cyber attacks. Since smart meter readings can easily be leaked, users energy patterns could be inferred. Hence, users privacy at home is under serious threat. This article begins by introducing the existing work on stealing data from wireless communication networks. Then three types of big data mining schemes for analyzing stolen data are represented. Finally, we discuss several ongoing defense strategies in the era of the wireless smart grid.
Keywords: Big Data, cellular radio, data mining, data privacy, energy consumption, power engineering computing, power system security, security of data,smart meters, smart power grids |
مقاله انگلیسی |
8 |
Security analysis of an advanced metering infrastructure
تجزیه و تحلیل امنیت یک زیرساخت اندازه گیری پیشرفته-2017 Article history:Received 28 December 2016Revised 23 February 2017Accepted 25 February 2017 Available online xxxKeywords:Advanced Metering Infrastructure Smart MetersData Collectors Attack Vectors Targets Functionality Attacks ImpactsAn advanced metering infrastructure is an integrated system of smart meters, communica- tions networks and data management systems designed to support the safe, efficient and re- liable distribution of electricity while providing advanced functionality to energy customers. Unfortunately, sophisticated cyber attacks on advanced metering infrastructures are a clear and present danger. The most devastating scenario involves a computer worm that traverses advanced metering infrastructures and permanently disables millions of smart meters.This paper presents a security analysis of an advanced metering infrastructure com- prising more than one million smart meters, 100+ data collectors and two meter data man- agement systems. Specifically, it provides detailed evaluations of the attack surface, targets– especially the critical data collectors – and their functionality, and possible attacks and their impacts. The systematic identification of each target and its functionality, and possi- ble attacks and their direct impacts, are essential to understanding the security landscape as well as specifying and prioritizing mitigation efforts as part of a robust risk management program. Although this work is based on an analysis of one large advanced metering infras- tructure, strong attempts have been undertaken to extract and articulate the commonalities when describing the attack surface, targets, possible attacks and their impacts. Thus, the re- sults presented in this paper can be used as a foundation upon which the unique aspects of an advanced metering infrastructure can be added to create a robust risk management program geared for the specific deployment.© 2017 Elsevier B.V. All rights reserved. Keywords:Advanced Metering Infrastructure | Smart Meters | Data Collectors | Attack Vectors | Targets | Functionality | Attacks | Impacts |
مقاله انگلیسی |
9 |
Dynamic risk management response system to handle cyber threats
سیستم پاسخ ریسک پویا برای پاسخگوئی به تهدیدات سایبری-2017 Appropriate response strategies against new and ongoing cyber attacks must be able to reduce risks down
to acceptable levels, without sacrificing a mission for security. Existing approaches either evaluate impacts
without considering missions’ negative-side effects, or are manually based on traditional risk assess
ments, leaving aside technical difficulties. In this paper we propose a dynamic risk management response
system (DRMRS) consisting of a proactive and reactive management software aiming at evaluating threat
scenarios in an automated manner, as well as anticipating the occurrence of potential attacks. We adopt a
quantitative risk-aware approach that provides a comprehensive view of the threats, by considering their
likelihood of success, the induced impact, the cost of the possible responses, and the negative side-effects
of a response. Responses are selected and proposed to operators based on financial, operational and threat
assessments. The DRMRS is applied to a real case study of a critical infrastructure with multiple threat
scenarios.
Keywords: Dynamic system | Automated response | Risk assessment | Graph attack | Security assurance | Cybersecurity |
مقاله انگلیسی |
10 |
Design and implementation of UPnP-based energy gateway for demand side management in smart grid
طراحی و پیاده سازی دروازه انرژی مبتنی بر UPnP برای مدیریت سمت تقاضا در شبکه های هوشمند -2017 Legacy electrical grids are urged to evolve towards smart grids, the smarter power delivery system that
relies heavily on ICT. Numerous smart grids applications are expected to be developed for efficient man
agement and utilization of electricity at the demand side such as home automation, Advanced Metering
Infrastructure (AMI), dynamic energy pricing, efficient load management, etc. For easing and boosting
the development of new demand side services, the concept of Home Energy Gateway (HEG) has recently
been proposed in literature. It involves communication with the utility as well as with devices at the
consumer sites. The literature still lacks a comprehensive HEG design that could provide all essential fea
tures such as zero-configuration, auto-discovery, seamless plug & play communication, interoperability
and integration, customers privacy and communication security.
This paper addresses the HEG challenges in an effective way through the design of suitable communi
cation frameworks and a security mechanism for enabling strong protection against cyber attacks. The
proposed system effectively copes with the interoperability and integration issues between plethora of
heterogeneous devices at the consumer sites. The devices in proposed system inherit plug & play fea
tures and support zero-configuration and seamless networking. Further, the proposed system design is
technology-agnostic and flexible enough to be adopted for the implementation of any specific demand
side service. This paper also evaluates the proposed system in real-networking environment and presents
performance metrics.
Keywords: Smart grid | Home energy gateway | Universal plug & play | Utility services | Demand side management | Smart home | Privacy | Security |
مقاله انگلیسی |