In the pursuit of discerning patterns within computer network attacks, the utilization of Machine Learning and Deep Learning algorithms has been prevalent for crafting detection models based on extensive network traffic datasets. Furthermore, enhancing detection efficacy is feasible by applying cluster learning techniques, wherein multiple Machine Learning models collaborate to yield detection outcomes. Nevertheless, it is imperative to discern the optimal features within the dataset for training the intrusion detection model. In the present study, we proffer a novel framework for feature selection and intrusion detection within industrial networks, employing Ensemble Learning to achieve commendable performance in terms of both high predictive accuracy and efficient learning duration. The outcomes evince that the proposed model exhibits an accuracy of 99.93%, with a mere one h and 34 min required for comprehensive training. In contrast, a model trained without the framework presented in this paper attains an accuracy of 99.94%, necessitating an extensive training period of 156 h. Notably, the detection model derived from the proposed solution demonstrates superior results in prediction time, accomplishing predictions within 0.0009 seconds, compared to the alternative model which requires 0.0076 seconds for predictions.
{"title":"TENNER: intrusion detection models for industrial networks based on ensemble learning","authors":"Nicole do Vale Dalarmelina, Pallavi Arora, Geraldo Pereira Rocha Filho, Rodolfo Ipolito Meneguette, Marcio Andrey Teixeira","doi":"10.20517/jsss.2023.51","DOIUrl":"https://doi.org/10.20517/jsss.2023.51","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":" 1127","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140681998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The number of smart devices connected to the Internet has been constantly increasing, and as a result, lightweight cryptography (LWC) has become more important in the past decade. The Lightweight Cryptography (LWC) Project is an initiative taken by the National Institute of Standards and Technology (NIST) to standardize such LWC algorithms. Grain128-AEAD, which was submitted to the NIST LWC project, is an encryption algorithm that provides both confidentiality and integrity assurance. Third-party security analysis of the submitted ciphers is an important aspect of the evaluation of the submission to the NIST LWC project. Although several pieces of existing research, such as the bit-flipping attack, random fault attack, and deterministic random fault attack, have examined the security of Grain128-AEAD, there is still room for improvement in the fault attack models of these studies. This work aims to fill this research gap by analyzing the security margin of Grain128-AEAD against a series of improved differential fault attacks. In this study, we developed a probabilistic random fault attack and applied it to Grain128-AEAD. As an improvement of the existing research, a probabilistic approach can be applied to a more relaxed moderate control attack model. The existing moderate control model assumes the fault to be injected within any bit of a given byte, whereas the faults in our improved approach can be injected within any bits of a two-byte/four-byte segment, thereby relaxing the fault precision. The results indicate that the improved moderate control requires 388 keystreams for the two-byte model and 279 for the four-byte model to identify the target fault locations for implementing a state recovery attack. The relaxed fault attack models presented in this work are more practical to implement; hence, the findings of this research have improved the existing studies and narrowed the current research gap on the fault attack models of Grain128-AEAD. 
{"title":"Improved differential fault analysis of Grain128-AEAD","authors":"Tianyu Fang, Iftekhar Salam, Wei‐Chuen Yau","doi":"10.20517/jsss.2023.42","DOIUrl":"https://doi.org/10.20517/jsss.2023.42","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":"2 12","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140362588","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Railways represent a critical infrastructure in modern societies. In the past few years, cyber attacks on these infrastructures have been rising, and there is a need to properly analyze the vulnerabilities of field devices. This work focuses on the wireless communication that is defined in the European Rail Traffic Management System standard and proposes a survey of the vulnerabilities of the main employed protocols. Also, it provides some research lines. This study shows how several issues still exist within wireless communication in the railway sector.
{"title":"A survey on wireless-communication vulnerabilities of ERTMS in the railway sector","authors":"G. Gaggero, Mario Marchese, Paola Girdinio","doi":"10.20517/jsss.2023.35","DOIUrl":"https://doi.org/10.20517/jsss.2023.35","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":"21 9","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140433012","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Most cryptographic applications use randomness that is generated by pseudo-random number generators (PRNGs). A popular PRNG practical choice is the NIST standardized $\mathrm{CTR\_DRBG}$. In their recent ACNS 2023 publication, Andreeva and Weninger proposed a new and more efficient and secure PRNG called $\mathtt{FCRNG}$. $\mathtt{FCRNG}$ is based on $\mathrm{CTR\_DRBG}$ and uses the $n$-to-$2n$ forkcipher expanding primitive ForkSkinny as a building block. In this work, we create a new BKRNG PRNG, which is based on $\mathtt{FCRNG}$ and employs the novel $n$-to-$8n$ expanding primitive Butterknife. Butterknife is based on the Deoxys tweakable blockcipher (and thus AES) and realizes a tweakable expanding pseudo-random function. While both blockciphers and forkciphers are invertible primitives, tweakable expanding pseudo-random functions are not. This functional simplification enables security benefits for BKRNG in the robustness security game - the standard security goal for a PRNG. Contrary to the security bound of $\mathrm{CTR\_DRBG}$, we show that the security of our BKRNG construction does not degrade with the length of the random inputs, nor the number of requested output pseudo-random bits. We also empirically verify the BKRNG security with the NIST PRNG test suite and the TestU01 suite. Furthermore, we show the $n$-to-$8n$ multi-branch expanding nature of Butterknife contributes to a significant speed-up in the efficiency of BKRNG compared to $\mathtt{FCRNG}$. More concretely, producing random bits with BKRNG is 30.0% faster than $\mathtt{FCRNG}$ and 49.2% faster than $\mathrm{CTR\_DRBG}$.
{"title":"A TPRF-based pseudo-random number generator","authors":"Elena Andreeva, Andreas Weninger","doi":"10.20517/jsss.2023.45","DOIUrl":"https://doi.org/10.20517/jsss.2023.45","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":"31 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140491196","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The proliferation of software tools and automated techniques in digital forensics has brought about some controversies regarding bias and fairness. Different biases exist and have been proven in some civil and criminal cases. In our research, we analyze and discuss these biases present in software tools and automation systems used by law enforcement organizations and in court proceedings. Furthermore, we present real-life cases and scenarios where some of these biases have determined or influenced these cases. We were also able to provide recommendations for reducing bias in software tools, which we hope will be the foundation for a framework that reduces or eliminates bias from software tools used in digital forensics. In conclusion, we anticipate that this research can help increase validation in digital forensics software tools and ensure users' trust in the tools and automation techniques.
{"title":"Bias and fairness in software and automation tools in digital forensics","authors":"Razaq Jinad, Khushi Gupta, Ecem Simsek, Bing Zhou","doi":"10.20517/jsss.2023.41","DOIUrl":"https://doi.org/10.20517/jsss.2023.41","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":"5 2","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140493344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Federated learning has become a pivotal tool in healthcare, enabling valuable insights to be gleaned from disparate datasets held by cautious data owners concerned about data privacy. This method involves the analysis of data from diverse locations, which is subsequently aggregated and trained on a central server. Data distribution can occur vertically or horizontally in this decentralized setup. In our approach, we employ a unique vertical partition learning process, segmenting data by characteristics or columns for each record across all local sites, known as Vertical Distributed Learning or features distributed machine learning. Our collaborative learning approach utilizes Stochastic Gradient Descent to collectively learn from each local site and compute the final result on a central server. Notably, during the training phase, no raw data or model parameters are exchanged; only local prediction results are shared and aggregated. Yet, sharing local prediction results raises privacy concerns, which we mitigate by introducing noise into the local results using a Differential Privacy algorithm. This paper introduces a robust vertical distributed learning system that emphasizes user privacy for healthcare data. To assess our approach, we conducted experiments using the sensitive healthcare data in the Medical Information Mart for Intensive Care-Ⅲ dataset and the publicly available Adult dataset. Our experimental results demonstrate that our approach achieves an accuracy level similar to that of a fully centralized model, significantly surpassing training based solely on local features. Consequently, our solution offers an effective federated learning approach for healthcare, preserving data locality and privacy while efficiently harnessing vertically partitioned data.
{"title":"Privacy preserving vertical distributed learning for health data","authors":"T. Islam, Noman Mohammed, Dima Alhadidi","doi":"10.20517/jsss.2023.28","DOIUrl":"https://doi.org/10.20517/jsss.2023.28","url":null,"PeriodicalId":509397,"journal":{"name":"Journal of Surveillance, Security and Safety","volume":" 44","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139392292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}