Applied Sciences

Research

Jump to: Review, Other

19 pages, 2323 KiB

Open AccessArticle

LHDNN: Maintaining High Precision and Low Latency Inference of Deep Neural Networks on Encrypted Data

by Jiaming Qian, Ping Zhang, Haoyong Zhu, Muhua Liu, Jiechang Wang and Xuerui Ma

Appl. Sci. 2023, 13(8), 4815; https://doi.org/10.3390/app13084815 - 11 Apr 2023

Cited by 3 | Viewed by 1881

Abstract

The advancement of deep neural networks (DNNs) has prompted many cloud service providers to offer deep learning as a service (DLaaS) to users across various application domains. However, in current DLaaS prediction systems, users’ data are at risk of leakage. Homomorphic encryption allows [...] Read more.

The advancement of deep neural networks (DNNs) has prompted many cloud service providers to offer deep learning as a service (DLaaS) to users across various application domains. However, in current DLaaS prediction systems, users’ data are at risk of leakage. Homomorphic encryption allows operations to be performed on ciphertext without decryption, which can be applied to DLaaS to ensure users’ data privacy. However, mainstream homomorphic encryption schemes only support homomorphic addition and multiplication, and do not support the ReLU activation function commonly used in the activation layers of DNNs. Previous work used approximate polynomials to replace the ReLU activation function, but the DNNs they implemented either had low inference accuracy or high inference latency. In order to achieve low inference latency of DNNs on encrypted data while ensuring inference accuracy, we propose a low-degree Hermite deep neural network framework (called LHDNN), which uses a set of low-degree trainable Hermite polynomials (called LotHps) as activation layers of DNNs. Additionally, LHDNN integrates a novel weight initialization and regularization module into the LotHps activation layer, which makes the training process of DNNs more stable and gives a stronger generalization ability. Additionally, to further improve the model accuracy, we propose a variable-weighted difference training (VDT) strategy that uses ReLU-based models to guide the training of LotHps-based models. Extensive experiments on multiple benchmark datasets validate the superiority of LHDNN in terms of inference speed and accuracy on encrypted data. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

20 pages, 2734 KiB

Open AccessArticle

SSKM_DP: Differential Privacy Data Publishing Method via SFLA-Kohonen Network

by Zhiguang Chu, Jingsha He, Juxia Li, Qingyang Wang, Xing Zhang and Nafei Zhu

Appl. Sci. 2023, 13(6), 3823; https://doi.org/10.3390/app13063823 - 16 Mar 2023

Cited by 1 | Viewed by 947

Abstract

Data publishing techniques have led to breakthroughs in several areas. These tools provide a promising direction. However, when they are applied to private or sensitive data such as patient medical records, the published data may divulge critical patient information. In order to address [...] Read more.

Data publishing techniques have led to breakthroughs in several areas. These tools provide a promising direction. However, when they are applied to private or sensitive data such as patient medical records, the published data may divulge critical patient information. In order to address this issue, we propose a differential private data publishing method (SSKM_DP) based on the SFLA-Kohonen network, which perturbs sensitive attributes based on the maximum information coefficient to achieve a trade-off between security and usability. Additionally, we introduced a single-population frog jump algorithm (SFLA) to optimize the network. Extensive experiments on benchmark datasets have demonstrated that SSKM_DP outperforms state-of-the-art methods for differentially private data publishing techniques significantly. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

20 pages, 9247 KiB

Open AccessArticle

Multi-Resolution Analysis with Visualization to Determine Network Attack Patterns

by Dong Hyun Jeong, Bong-Keun Jeong and Soo-Yeon Ji

Appl. Sci. 2023, 13(6), 3792; https://doi.org/10.3390/app13063792 - 16 Mar 2023

Cited by 2 | Viewed by 1518

Abstract

Analyzing network traffic activities is imperative in network security to detect attack patterns. Due to the complex nature of network traffic event activities caused by continuously changing computing environments and software applications, identifying the patterns is one of the challenging research topics. This [...] Read more.

Analyzing network traffic activities is imperative in network security to detect attack patterns. Due to the complex nature of network traffic event activities caused by continuously changing computing environments and software applications, identifying the patterns is one of the challenging research topics. This study focuses on analyzing the effectiveness of integrating Multi-Resolution Analysis (MRA) and visualization in identifying the attack patterns of network traffic activities. In detail, a Discrete Wavelet Transform (DWT) is utilized to extract features from network traffic data and investigate their capability of identifying attacks. For extracting features, various sliding windows and step sizes are tested. Then, visualizations are generated to help users conduct interactive visual analyses to identify abnormal network traffic events. To determine optimal solutions for generating visualizations, an extensive evaluation with multiple intrusion detection datasets has been performed. In addition, classification analysis with three different classification algorithms is managed to understand the effectiveness of using the MRA with visualization. From the study, we generated multiple visualizations associated with various window and step sizes to emphasize the effectiveness of the proposed approach in differentiating normal and attack events by forming distinctive clusters. We also found that utilizing MRA with visualization advances network intrusion detection by generating clearly separated visual clusters. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

14 pages, 604 KiB

Open AccessArticle

Improved Low-Depth SHA3 Quantum Circuit for Fault-Tolerant Quantum Computers

by Gyeongju Song, Kyungbae Jang and Hwajeong Seo

Appl. Sci. 2023, 13(6), 3558; https://doi.org/10.3390/app13063558 - 10 Mar 2023

Cited by 5 | Viewed by 1262

Abstract

To build a secure cryptography system in the post-quantum era, one must find the minimum security parameters against quantum attacks by estimating the quantum resources of a fault-tolerant quantum computer. In a fault-tolerant quantum computer, errors must reach an acceptable level for practical [...] Read more.

To build a secure cryptography system in the post-quantum era, one must find the minimum security parameters against quantum attacks by estimating the quantum resources of a fault-tolerant quantum computer. In a fault-tolerant quantum computer, errors must reach an acceptable level for practical uses according to error detection and error correction processes. However, these processes utilize additional quantum resources. As the depth of the quantum circuit increases, the computation time per qubit increases together with the processing errors. Therefore, in terms of errors in quantum circuits, it is a fundamental requirement to reduce the depth by trading off the number of qubits. This paper proposes novel low-depth SHA3 quantum circuit implementations for fault-tolerant quantum computers to reduce errors. The proposed SHA3 quantum circuit was implemented with the aim of optimizing the quantum circuit depth through a trade-off between the number of qubits, the quantum gate, and the quantum depth in each function. Compared to other state-of-art techniques, the proposed method achieved T-depth and full-depth reductions of 30.3% and 80.05%, respectively. We believe that this work will contribute to the establishment of minimum security parameters for SHA3 in the quantum era. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

11 pages, 522 KiB

Open AccessArticle

AWEncoder: Adversarial Watermarking Pre-Trained Encoders in Contrastive Learning

by Tianxing Zhang, Hanzhou Wu, Xiaofeng Lu, Gengle Han and Guangling Sun

Appl. Sci. 2023, 13(6), 3531; https://doi.org/10.3390/app13063531 - 09 Mar 2023

Cited by 1 | Viewed by 1375

Abstract

As a self-supervised learning paradigm, contrastive learning has been widely used to pre-train a powerful encoder as an effective feature extractor for various downstream tasks. This process requires numerous unlabeled training data and computational resources, which makes the pre-trained encoder become the valuable [...] Read more.

As a self-supervised learning paradigm, contrastive learning has been widely used to pre-train a powerful encoder as an effective feature extractor for various downstream tasks. This process requires numerous unlabeled training data and computational resources, which makes the pre-trained encoder become the valuable intellectual property of the owner. However, the lack of a priori knowledge of downstream tasks makes it non-trivial to protect the intellectual property of the pre-trained encoder by applying conventional watermarking methods. To deal with this problem, in this paper, we introduce AWEncoder, an adversarial method for watermarking the pre-trained encoder in contrastive learning. First, as an adversarial perturbation, the watermark is generated by enforcing the training samples to be marked to deviate respective location and surround a randomly selected key image in the embedding space. Then, the watermark is embedded into the pre-trained encoder by further optimizing a joint loss function. As a result, the watermarked encoder not only performs very well for downstream tasks, but also enables us to verify its ownership by analyzing the discrepancy of output provided using the encoder as the backbone under both white-box and black-box conditions. Extensive experiments demonstrate that the proposed work enjoys quite good effectiveness and robustness on different contrastive learning algorithms and downstream tasks, which has verified the superiority and applicability of the proposed work. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

14 pages, 692 KiB

Open AccessArticle

MalwD&C: A Quick and Accurate Machine Learning-Based Approach for Malware Detection and Categorization

by Attaullah Buriro, Abdul Baseer Buriro, Tahir Ahmad, Saifullah Buriro and Subhan Ullah

Appl. Sci. 2023, 13(4), 2508; https://doi.org/10.3390/app13042508 - 15 Feb 2023

Cited by 5 | Viewed by 1681

Abstract

Malware, short for malicious software, is any software program designed to cause harm to a computer or computer network. Malware can take many forms, such as viruses, worms, Trojan horses, and ransomware. Because malware can cause significant damage to a computer or network, [...] Read more.

Malware, short for malicious software, is any software program designed to cause harm to a computer or computer network. Malware can take many forms, such as viruses, worms, Trojan horses, and ransomware. Because malware can cause significant damage to a computer or network, it is important to avoid its installation to prevent any potential harm. This paper proposes a machine learning-based malware detection method called MalwD&C to allow the secure installation of Programmable Executable (PE) files. The proposed method uses machine learning classifiers to analyze the PE files and classify them as benign or malware. The proposed MalwD&C scheme was evaluated on a publicly available dataset by applying several machine learning classifiers in two settings: two-class classification (malware detection) and multi-class classification (malware categorization). The results showed that the Random Forest (RF) classifier outperformed all other chosen classifiers, achieving as high as 99.56% and 97.69% accuracies in the two-class and multi-class settings, respectively. We believe that MalwD&C will be widely accepted in academia and industry due to its speed in decision making and higher accuracy. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

20 pages, 21722 KiB

Open AccessArticle

Study on Cyber Common Operational Picture Framework for Cyber Situational Awareness

by Kookjin Kim, Jaepil Youn, Sukjoon Yoon, Jiwon Kang, Kyungshin Kim and Dongkyoo Shin

Appl. Sci. 2023, 13(4), 2331; https://doi.org/10.3390/app13042331 - 11 Feb 2023

Cited by 1 | Viewed by 2759

Abstract

The remarkable development of the Internet has made our lives very convenient, such as through the ability to instantaneously transmit individual pictures. As a result, cyber-attacks are also being developed and increasing, and the computer/mobile devices we use can become infected with viruses [...] Read more.

The remarkable development of the Internet has made our lives very convenient, such as through the ability to instantaneously transmit individual pictures. As a result, cyber-attacks are also being developed and increasing, and the computer/mobile devices we use can become infected with viruses in an instant. Rapid cyber situational awareness is essential to prepare for such cyber-attacks. Accelerating cyber situational awareness requires Cyber Common Operational Pictures, which integrate and contextualize numerous data streams and data points. Therefore, we propose a Cyber Common Operational Pictures framework and criteria for rapid cyber situation awareness. First, the system reaction speed based on the user’s request and the standard for easily recognizing the object shown on the screen are presented. Second, standards and frameworks for five types of visualization screens that can directly recognize and respond to cyber-attacks are presented. Third, we show how a system was constructed based on the proposed framework, as well as the results of an experiment on the response time of each visualization screen. As a result of the experiment, the response speed of the 5 visualization screens was about 0.11 s on average for inquiry (simple) and 1.07 s on average for inquiry (complex). This is consistent with the typical response times of the studies investigated in this paper. If CyCOP is developed in compliance with the framework items (UI, object symbol, object size, response speed) presented in this paper, rapid situational awareness is possible. This research can be used in cyber-attack and defense training in the military field. In the private sector, it can be used in cyber and network control. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

22 pages, 5009 KiB

Open AccessArticle

AI-Assisted Security Alert Data Analysis with Imbalanced Learning Methods

by Samuel Ndichu, Tao Ban, Takeshi Takahashi and Daisuke Inoue

Appl. Sci. 2023, 13(3), 1977; https://doi.org/10.3390/app13031977 - 03 Feb 2023

Cited by 6 | Viewed by 2215

Abstract

Intrusion analysis is essential for cybersecurity, but oftentimes, the overwhelming number of false alerts issued by security appliances can prove to be a considerable hurdle. Machine learning algorithms can automate a task known as security alert data analysis to facilitate faster alert triage [...] Read more.

Intrusion analysis is essential for cybersecurity, but oftentimes, the overwhelming number of false alerts issued by security appliances can prove to be a considerable hurdle. Machine learning algorithms can automate a task known as security alert data analysis to facilitate faster alert triage and incident response. This paper presents a bidirectional approach to address severe class imbalance in security alert data analysis. The proposed method utilizes an ensemble of three oversampling techniques to generate an augmented set of high-quality synthetic positive samples and employs a data subsampling algorithm to identify and remove noisy negative samples. Experimental results using an enterprise and a benchmark dataset confirm that this approach yields significantly improved recall and false positive rates compared with conventional oversampling techniques, suggesting its potential for more effective and efficient AI-assisted security operations. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

15 pages, 4259 KiB

Open AccessArticle

A Novel Multi-Factor Authentication Algorithm Based on Image Recognition and User Established Relations

by Diego Carrillo-Torres, Jesús Arturo Pérez-Díaz, Jose Antonio Cantoral-Ceballos and Cesar Vargas-Rosales

Appl. Sci. 2023, 13(3), 1374; https://doi.org/10.3390/app13031374 - 20 Jan 2023

Cited by 8 | Viewed by 3072

Abstract

Conventional authentication methods, like simple text-based passwords, have shown vulnerabilities to different types of security attacks. Indeed, 61% of all breaches involve credentials, whether stolen via social engineering or hacked using brute force. Therefore, a robust user authentication mechanism is crucial to have [...] Read more.

Conventional authentication methods, like simple text-based passwords, have shown vulnerabilities to different types of security attacks. Indeed, 61% of all breaches involve credentials, whether stolen via social engineering or hacked using brute force. Therefore, a robust user authentication mechanism is crucial to have secure systems. Combining textual passwords with graphical passwords in a multi-factor approach can be an effective strategy. Advanced authentication systems, such as biometrics, are secure, but require additional infrastructure for efficient implementation. This paper proposes a Multi-Factor Authentication (MFA) based on a non-biometric mechanism that does not require additional hardware. The novelty of the proposed mechanism lies in a two-factor authentication algorithm which requires a user to identify specific images out of a set of randomly selected images, then the user is required to establish a self-pre-configured relation between two given images to complete authentication. A functional prototype of the proposed system was developed and deployed. The proposed system was tested by users of different backgrounds achieving 100% accuracy in identifying and authenticating users, if authentication elements and credentials were not forgotten. It was also found to be accepted by the users as being easy to use and preferable over common MFA mechanisms. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

17 pages, 1875 KiB

Open AccessArticle

Applying BERT for Early-Stage Recognition of Persistence in Chat-Based Social Engineering Attacks

by Nikolaos Tsinganos, Panagiotis Fouliras and Ioannis Mavridis

Appl. Sci. 2022, 12(23), 12353; https://doi.org/10.3390/app122312353 - 02 Dec 2022

Cited by 3 | Viewed by 1531

Abstract

Chat-based social engineering (CSE) attacks are attracting increasing attention in the Small-Medium Enterprise (SME) environment, given the ease and potential impact of such an attack. During a CSE attack, malicious users will repeatedly use linguistic tricks to eventually deceive their victims. Thus, to [...] Read more.

Chat-based social engineering (CSE) attacks are attracting increasing attention in the Small-Medium Enterprise (SME) environment, given the ease and potential impact of such an attack. During a CSE attack, malicious users will repeatedly use linguistic tricks to eventually deceive their victims. Thus, to protect SME users, it would be beneficial to have a cyber-defense mechanism able to detect persistent interlocutors who repeatedly bring up critical topics that could lead to sensitive data exposure. We build a natural language processing model, called CSE-PersistenceBERT, for paraphrase detection to recognize persistency as a social engineering attacker’s behavior during a chat-based dialogue. The CSE-PersistenceBERT model consists of a pre-trained BERT model fine-tuned using our handcrafted CSE-Persistence corpus; a corpus appropriately annotated for the specific downstream task of paraphrase recognition. The model identifies the linguistic relationship between the sentences uttered during the dialogue and exposes the malicious intent of the attacker. The results are satisfactory and prove the efficiency of CSE-PersistenceBERT as a recognition mechanism of a social engineer’s persistent behavior during a CSE attack. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

18 pages, 3080 KiB

Open AccessArticle

Generalized Replay Spoofing Countermeasure Based on Combining Local Subclassification Models

by Sarah Mohammed Altuwayjiri, Ouiem Bchir and Mohamed Maher Ben Ismail

Appl. Sci. 2022, 12(22), 11742; https://doi.org/10.3390/app122211742 - 18 Nov 2022

Viewed by 1125

Abstract

Automatic speaker verification (ASV) systems play a prominent role in the security field due to the usability of voice biometrics compared to alternative biometric authentication modalities. Nevertheless, ASV systems are susceptible to malicious voice spoofing attacks. In response to such threats, countermeasures have [...] Read more.

Automatic speaker verification (ASV) systems play a prominent role in the security field due to the usability of voice biometrics compared to alternative biometric authentication modalities. Nevertheless, ASV systems are susceptible to malicious voice spoofing attacks. In response to such threats, countermeasures have been devised to prevent breaches and ensure the safety of user data by categorizing utterances as either genuine or spoofed. In this paper, we propose a new voice spoofing countermeasure that seeks to improve the generalization of supervised learning models. This is accomplished by alleviating the problem of intraclass variance. Specifically, the proposed approach addresses the generalization challenge by splitting the classification problem into a set of local subproblems in order to lessen the supervised learning task. The system outperformed existing state-of-the-art approaches with an EER of 0.097% on the ASVspoof challenge corpora related to replaying spoofing attacks. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

13 pages, 598 KiB

Open AccessArticle

DeepDetection: Privacy-Enhanced Deep Voice Detection and User Authentication for Preventing Voice Phishing

by Yeajun Kang, Wonwoong Kim, Sejin Lim, Hyunji Kim and Hwajeong Seo

Appl. Sci. 2022, 12(21), 11109; https://doi.org/10.3390/app122111109 - 02 Nov 2022

Cited by 5 | Viewed by 2330

Abstract

The deep voice detection technology currently being researched causes personal information leakage because the input voice data are stored in the detection server. To overcome this problem, in this paper, we propose a novel system (i.e., DeepDetection) that can detect deep voices and [...] Read more.

The deep voice detection technology currently being researched causes personal information leakage because the input voice data are stored in the detection server. To overcome this problem, in this paper, we propose a novel system (i.e., DeepDetection) that can detect deep voices and authenticate users without exposing voice data to the server. Voice phishing prevention is achieved in two-way approaches by performing primary verification through deep voice detection and secondary verification of whether the sender is the correct sender through user authentication. Since voice preprocessing is performed on the user local device, voice data are not stored on the detection server. Thus, we can overcome the security vulnerabilities of the existing detection research. We used ASVspoof 2019 and achieved an F1-score of 100% in deep voice detection and an F1 score of 99.05% in user authentication. Additionally, the average EER for user authentication achieved was 0.15. Therefore, this work can be effectively used to prevent deep voice-based phishing. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

13 pages, 1017 KiB

Open AccessArticle

A Parallel Quantum Circuit Implementations of LSH Hash Function for Use with Grover’s Algorithm

by Gyeongju Song, Kyungbae Jang, Hyunji Kim and Hwajeong Seo

Appl. Sci. 2022, 12(21), 10891; https://doi.org/10.3390/app122110891 - 27 Oct 2022

Cited by 2 | Viewed by 1277

Abstract

Grover’s search algorithm accelerates the key search on the symmetric key cipher and the pre-image attack on the hash function. To conduct Grover’s search algorithm, the target cipher algorithm should be efficiently implemented in a quantum circuit. Currently, small quantum computers are difficult [...] Read more.

Grover’s search algorithm accelerates the key search on the symmetric key cipher and the pre-image attack on the hash function. To conduct Grover’s search algorithm, the target cipher algorithm should be efficiently implemented in a quantum circuit. Currently, small quantum computers are difficult to operate with large quantum circuits due to limited performance. Therefore, if a large quantum computer that can operate Grover’s algorithm appears, it is expected that a cipher attack will be possible. In this paper, we propose a parallel structure quantum circuit for the Korean hash function standard (i.e., LSH). The proposed quantum circuit designed a parallel operation structure for the message expansion (i.e., MsgExp) function and the mix function, which are the internal structures of the LSH hash function. This approach shows an efficient result for quantum circuit implementation in terms of quantum resources by reducing the depth of the quantum circuit by about 96% through the trade-off of appropriate quantum resources compared to previous work. This result can be a reference for the implementation of a parallel quantum circuit in the future and is expected to advance the attack timing of the search algorithm for Grover’s LSH hash function. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

21 pages, 495 KiB

Open AccessArticle

Improving Deep Learning-Based Recommendation Attack Detection Using Harris Hawks Optimization

by Quanqiang Zhou, Cheng Huang and Liangliang Duan

Appl. Sci. 2022, 12(19), 10135; https://doi.org/10.3390/app121910135 - 09 Oct 2022

Cited by 1 | Viewed by 1224

Abstract

Recommendation attack attempts to bias the recommendation results of collaborative recommender systems by injecting malicious ratings into the rating database. A lot of methods have been proposed for detecting such attacks. Among these works, the deep learning-based detection methods get rid of the [...] Read more.

Recommendation attack attempts to bias the recommendation results of collaborative recommender systems by injecting malicious ratings into the rating database. A lot of methods have been proposed for detecting such attacks. Among these works, the deep learning-based detection methods get rid of the dependence on hand-designed features of recommendation attack besides having excellent detection performance. However, most of them optimize the key hyperparameters by manual analysis which relies too much on domain experts and their experience. To address this issue, in this paper we propose an approach based on the Harris Hawks Optimization (HHO) algorithm to improve the deep learning-based detection methods. Being different from the original detection methods which optimize the key hyperparameters manually, the improved deep learning-based detection methods can optimize the key hyperparameters automatically. We first convert the key hyperparameters of discrete type to continuous type according to the uniform distribution theory to expand the application scope of HHO algorithm. Then, we use the detection stability as an early stop condition to reduce the optimization iterations to improve the HHO algorithm. After that, we use the improved HHO algorithm to automatically optimize the key hyperparameters for the deep learning-based detection methods. Finally, we use the optimized key hyperparameters to train the deep learning-based detection methods to generate classifiers for detecting the recommendation attack. The experiments conducted on two benchmark datasets illustrate that the improved deep learning-based detection methods have effective performance. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

28 pages, 2705 KiB

Open AccessArticle

Investigating Wearable Fitness Applications: Data Privacy and Digital Forensics Analysis on Android

by Shinelle Hutchinson, Mohammad Meraj Mirza, Nicholas West, Umit Karabiyik, Marcus K. Rogers, Tathagata Mukherjee, Sudhir Aggarwal, Haeyong Chung and Carrie Pettus-Davis

Appl. Sci. 2022, 12(19), 9747; https://doi.org/10.3390/app12199747 - 28 Sep 2022

Cited by 8 | Viewed by 4493

Abstract

Wearable devices are becoming more and more prevalent in our daily lives as people become more curious about how well they are doing in monitoring, improving, or maintaining their health and fitness. Fitness trackers and smartwatches have become almost ubiquitous, so these devices [...] Read more.

Wearable devices are becoming more and more prevalent in our daily lives as people become more curious about how well they are doing in monitoring, improving, or maintaining their health and fitness. Fitness trackers and smartwatches have become almost ubiquitous, so these devices have begun to play a critical role in forensic investigations. In this paper, the authors conducted a forensic analysis of the controlling applications for three popular fitness bands and smartwatches (i.e., Amazon Halo, Garmin Connect, and Mobvoi) on an Android smartphone device to (1) provide forensic investigators with a road-map of forensically relevant data that are stored within these applications and (2) highlight any privacy concerns that the stored data within these applications may present to the applications’ users. Our findings indicate that the three fitness applications store a wealth of user data. In particular, the Amazon Halo app stores daily, weekly, and monthly activity-related data for at least the last 13 days. The user’s Tone Analysis results were also recovered. The Garmin Connect application also records detailed user activity information, as it was possible to recover the last 15 days worth of user activity data. The Garmin Connect user’s general location was also determined via the application’s weather notification feature. Lastly, the Mobvoi application records all data points from the time the device is first used until the last time the device is used. These data points may include heart rates taken every 5 min and step counts. Our findings highlight the possibility of collecting personally identifiable information about users of these devices and apps, including their profile information, habits, location, and state of mind. These findings would be pertinent to forensic investigators in the event that these or similar applications are part of an investigation. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

19 pages, 995 KiB

Open AccessArticle

The Role of Privacy Fatigue in Privacy Paradox: A PSM and Heterogeneity Analysis

by Xinluan Tian, Lina Chen and Xiaojuan Zhang

Appl. Sci. 2022, 12(19), 9702; https://doi.org/10.3390/app12199702 - 27 Sep 2022

Cited by 3 | Viewed by 2062

Abstract

Powerful rising trends of mobile media platforms have also resulted in the escalation of users’ privacy concerns. However, there is a paradox between users’ attitudes towards privacy and their actual privacy disclosure behaviors. This study attempts to explain the phenomenon of privacy paradox [...] Read more.

Powerful rising trends of mobile media platforms have also resulted in the escalation of users’ privacy concerns. However, there is a paradox between users’ attitudes towards privacy and their actual privacy disclosure behaviors. This study attempts to explain the phenomenon of privacy paradox in the mobile social media context from the privacy fatigue perspective. Based on the Elaboration Likelihood Model (ELM) and employing the method of Propensity Score Matching (PSM), this paper confirmed that privacy fatigue could directly explain the privacy paradox. Among the findings, cynicism turned the relationship between privacy concern and privacy protection behaviors from positive influence to negative influence, while emotional exhaustion would weaken the positive influence relationship between privacy concern and the intention to undertake privacy protection behaviors. In addition, the study also revealed the heterogeneous effects of individual characteristics and usage characteristics variables on how the privacy fatigue influences privacy paradox. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

15 pages, 5739 KiB

Open AccessArticle

Investigating Proactive Digital Forensics Leveraging Adversary Emulation

by Valentine Machaka and Titus Balan

Appl. Sci. 2022, 12(18), 9077; https://doi.org/10.3390/app12189077 - 09 Sep 2022

Cited by 1 | Viewed by 2481

Abstract

Traditional digital forensics techniques are becoming obsolete due to rapid technological change. Proactive digital forensic investigations (PDFI) solve the challenges of cloud computing forensics such as evidence identification, collection, preservation, and timelining from heterogeneous cumulative data. Cumulative data heterogeneity poses significant challenges to [...] Read more.

Traditional digital forensics techniques are becoming obsolete due to rapid technological change. Proactive digital forensic investigations (PDFI) solve the challenges of cloud computing forensics such as evidence identification, collection, preservation, and timelining from heterogeneous cumulative data. Cumulative data heterogeneity poses significant challenges to the sound collection of electronically stored information (ESI) or digital evidence across cloud endpoints and/or networked systems. In addition, the distribution of networked systems and/or cloud environments makes it impossible for forensics investigators to be present at several premises to perform the investigation. Hence, it is important to have PDFI in place to ensure continuous operation in the event of a cyberattack, because it does not require the presence of an investigator at the target location. In this study, researchers put the idea of proactive digital forensics to the test and concluded that it is an indispensable tool for networked systems and cloud computing environments in response to modern-day digital forensics challenges. This research was based on an experimental computer science and engineering approach using a virtualised environment simulating an information communication infrastructure. To generate evidence (digital artefacts), and validate the proof-of-concept, adversary emulation was used by adapting the MITRE ATT&CK framework. Research results have shown that PDFI improves digital forensics activities in terms of speed and accuracy, thereby providing credible and timely comprehensive digital evidence. Enhanced Incident detection capabilities enable an analyst to focus much more on forensic investigation functions and thus perform their tasks effectively. However, the legality of live and/or remote forensics is still of great concern in several jurisdictions, thereby affecting the credibility of digital artefacts obtained in this manner. Nevertheless, where possible, the law component should also be kept up to date with modern-day technologies to solve any inconveniences caused by the ever-growing technology demands. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

30 pages, 911 KiB

Open AccessArticle

Revisiting the Detection of Lateral Movement through Sysmon

by Christos Smiliotopoulos, Konstantia Barmpatsalou and Georgios Kambourakis

Appl. Sci. 2022, 12(15), 7746; https://doi.org/10.3390/app12157746 - 01 Aug 2022

Cited by 7 | Viewed by 3751

Abstract

This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool for the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant [...] Read more.

This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool for the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant literature, what are the criteria for determining the possibly optimal initialization features of the Sysmon event monitoring tool, which are also applicable as custom rules within the config.xml configuration file? Second, based on the identified features, how can a functional configuration file, able to identify as many LM variants as possible, be generated? To answer these questions, we relied on the MITRE ATT and CK knowledge base of adversary tactics and techniques and focused on the execution of the nine commonest LM methods. The conducted experiments, performed on a properly configured testbed, suggested a great number of interrelated networking features that were implemented as custom rules in the Sysmon’s config.xml file. Moreover, by capitalizing on the rich corpus of the 870K Sysmon logs collected, we created and evaluated, in terms of TP and FP rates, an extensible Python .evtx file analyzer, dubbed PeX, which can be used towards automatizing the parsing and scrutiny of such voluminous files. Both the .evtx logs dataset and the developed PeX tool are provided publicly for further propelling future research in this interesting and rapidly evolving field. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

29 pages, 1724 KiB

Open AccessArticle

Forensic Investigation of Remnant Data on USB Storage Devices Sold in New Zealand

by Zawar Shah, Arkar Kyaw, Hong Phat Truong, Imdad Ullah and Andrew Levula

Appl. Sci. 2022, 12(12), 5928; https://doi.org/10.3390/app12125928 - 10 Jun 2022

Viewed by 3148

Abstract

The digital forensic tools used by law enforcement agencies for forensic investigations are mostly proprietary and commercially expensive; although open-source tools are used, the investigations conducted with such tools are not verified by reputable organisations, and hence, users are reluctant to practice such [...] Read more.

The digital forensic tools used by law enforcement agencies for forensic investigations are mostly proprietary and commercially expensive; although open-source tools are used, the investigations conducted with such tools are not verified by reputable organisations, and hence, users are reluctant to practice such tools. To address this issue, we experimentally evaluate three open-source forensic tools based on various requirements recommended by the National Institute of Standards and Technology (NIST) framework for forensic investigation. The experimental setup consists of a forensic workstation, write-blocker, and purchased USB hard drives investigated via digital forensic imaging tools, i.e., DC3DD, DCFLDD, and Guymager. We create various test cases, which distribute USB hard drives in different groups and investigate the functional and optional requirements of NIST along with recovering and analysing remnant data. We evaluate these forensic tools by analysing the log information, following, anonymously (to ensure that data were not disclosed or misused during or after the investigations) collecting, examining, and classifying the remnant data restored from the USB hard drives. We observe that the percentage of hardware resources usage and the processing time of each tool are remarkably different, e.g., Guymager was the fastest tool and met all the functional requirements in each test case, but it utilised more CPU and memory resources than DC3DD, DCFLDD. We note that 88.23% of the USB hard drives contained sensitive personal or business information (e.g., personal photos, bank transactions, and contracts). Subsequently, the remnant data analysis shows that consumers in New Zealand are unaware of personal data security and the associated vulnerabilities of data leakages. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

Review

Jump to: Research, Other

32 pages, 1442 KiB

Open AccessReview

Distributed Denial of Service Attacks against Cloud Computing Environment: Survey, Issues, Challenges and Coherent Taxonomy

by Ziyad R. Alashhab, Mohammed Anbar, Manmeet Mahinderjit Singh, Iznan H. Hasbullah, Prateek Jain and Taief Alaa Al-Amiedy

Appl. Sci. 2022, 12(23), 12441; https://doi.org/10.3390/app122312441 - 05 Dec 2022

Cited by 11 | Viewed by 3274

Abstract

Cloud computing (CC) plays a significant role in revolutionizing the information and communication technology (ICT) industry, allowing flexible delivery of new services and computing resources at a fraction of the costs for end-users than traditional computing. Unfortunately, many potential cyber threats impact CC-deployed [...] Read more.

Cloud computing (CC) plays a significant role in revolutionizing the information and communication technology (ICT) industry, allowing flexible delivery of new services and computing resources at a fraction of the costs for end-users than traditional computing. Unfortunately, many potential cyber threats impact CC-deployed services due to the exploitation of CC’s characteristics, such as resource sharing, elasticity, and multi-tenancy. This survey provides a comprehensive discussion on security issues and challenges facing CC for cloud service providers and their users. Furthermore, this survey proposes a new taxonomy for classifying CC attacks, distributed denial of service (DDoS) attacks, and DDoS attack detection approaches on CC. It also provides a qualitative comparison with the existing surveys. Finally, this survey aims to serve as a guide and reference for other researchers working on new DDoS attack detection approaches within the CC environment. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

37 pages, 2119 KiB

Open AccessReview

Blockchain Applications in Agriculture: A Scoping Review

by Andreas Sendros, George Drosatos, Pavlos S. Efraimidis and Nestor C. Tsirliganis

Appl. Sci. 2022, 12(16), 8061; https://doi.org/10.3390/app12168061 - 11 Aug 2022

Cited by 15 | Viewed by 5599

Abstract

Blockchain is a distributed, immutable ledger technology initially developed to secure cryptocurrency transactions. Following its revolutionary use in cryptocurrencies, blockchain solutions are now being proposed to address various problems in different domains, and it is currently one of the most “disruptive” technologies. This [...] Read more.

Blockchain is a distributed, immutable ledger technology initially developed to secure cryptocurrency transactions. Following its revolutionary use in cryptocurrencies, blockchain solutions are now being proposed to address various problems in different domains, and it is currently one of the most “disruptive” technologies. This paper presents a scoping review of the scientific literature for exploring the current research area of blockchain applications in the agricultural sector. The aim is to identify the service areas of agriculture where blockchain is used, the blockchain technology used, the data stored in it, its combination with external databases, the reason it is used, and the variety of agricultural products, as well as the level of maturity of the respective approaches. The study follows the PRISMA-ScR methodology. The purpose of conducting these scoping reviews is to identify the evidence in this field and clarify the key concepts. The literature search was conducted in April 2021 using Scopus and Google Scholar, and a systematic selection process identified 104 research articles for detailed study. Our findings show that in the field, although still in the early stages, with the majority of the studies in the design phase, several experiments have been conducted, so a significant percentage of the work is in the implementation or piloting phase. Finally, our research shows that the use of blockchain in this domain mainly concerns the integrity of agricultural production records, the monitoring of production steps, and the monitoring of products. However, other varied and remarkable blockchain applications include incentive mechanisms, a circular economy, data privacy, product certification, and reputation systems. This study is the first scoping review in this area, following a formal systematic literature review methodology and answering research questions that have not yet been addressed. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

Other

Jump to: Research, Review

18 pages, 2285 KiB

Open AccessPerspective

Mathematical Approaches Transform Cybersecurity from Protoscience to Science

by Ivan Trenchev, Willian Dimitrov, Georgi Dimitrov, Tanya Ostrovska and Miglena Trencheva

Appl. Sci. 2023, 13(11), 6508; https://doi.org/10.3390/app13116508 - 26 May 2023

Viewed by 2205

Abstract

The area of cybersecurity problems has reached the stage of becoming a science. This raises questions about the connection between the mathematical theories used in cybersecurity research and their relation to the methodology for experiments and conceptual models synthesized from the academic community. [...] Read more.

The area of cybersecurity problems has reached the stage of becoming a science. This raises questions about the connection between the mathematical theories used in cybersecurity research and their relation to the methodology for experiments and conceptual models synthesized from the academic community. This research proposes an analytical review of the mathematical ideas used in applied cyber-security and theoretical explorations. This meta viewpoint is dedicated to standard mathematical theories applied in cybersecurity issues. The ground of the work is methodological problems relating to the validation of experiments and models with mathematical ideas in the cybersecurity exploration of digital space. This research emphasizes the application of game theory, catastrophe theory, queuing systems, and Markov chains. The methods are shown without claiming to be exhaustive. The goal is to review the currently established implementation of mathematical approaches to cybersecurity. A spectrum of possibilities for applying mathematical apparatus in future research for cybersecurity is given. After a review of the literature for each presented mathematical approach, we expose a list of problematic areas in which this has already been implemented. Full article

(This article belongs to the Special Issue Advanced Technologies in Data and Information Security II)

► Show Figures

Figure 1

Journal Menu

Journal Browser

Advanced Technologies in Data and Information Security II

Share This Special Issue

Special Issue Editors

Special Issue Information

Keywords

Related Special Issue

Published Papers (22 papers)

Research

Review

Other

Further Information

Guidelines

MDPI Initiatives

Follow MDPI