It is critical to secure the Industrial Internet of Things (IIoT) devices because of potentially devastating consequences in case of an attack. Machine learning and big data analytics are the two powerful leverages for analyzing and securing the Internet of Things (IoT) technology. By extension, these techniques can help improve the security of the IIoT systems as well. In this paper, we first present common IIoT protocols and their associated vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the utilization of machine learning in countering these susceptibilities. Following that, a literature review of the available intrusion detection solutions using machine learning models is presented. Finally, we discuss our case study, which includes details of a real-world testbed that we have built to conduct cyber-attacks and to design an intrusion detection system (IDS). We deploy backdoor, command injection, and Structured Query Language (SQL) injection attacks against the system and demonstrate how a machine learning based anomaly detection system can perform well in detecting these attacks. We have evaluated the performance through representative metrics to have a fair point of view on the effectiveness of the methods.

Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things

Towards benchmark datasets for machine learning based website phishing detection: An experimental study

Judging the safety of a URL is something that even security experts struggle to do accurately without additional information In this work, we aim to make experts’ tools accessible to non-experts and assist general users in judging the safety of URLs by providing them with a usable report based on the information professionals use We designed the report by iterating with 8 focus groups made up of end users, HCI experts, and security experts to ensure that the report was usable as well as accurately interpreted the information We also conducted an online evaluation with 153 participants to compare different report-length options We find that the longer comprehensive report allows users to accurately judge URL safety (93% accurate) and that summaries still provide benefit (83% accurate) compared to domain highlighting (65% accurate)

/pdf/i-don-t-need-an-expert-making-url-phishing-features-human-1dgk133a8o.pdf

I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible

The digitalisation of the economy with data as the new critical resource is a technological revolution which requires an adaptation of the legal framework for markets and the economy. This paper analyzes the privacy concerns in the digital economy from an economics perspective. What can we learn from economics whether and to what extent we need legal rules helping to protect privacy? Particularly important are the complex tradeoff problems between benefits and costs of privacy and disclosure. This paper claims that it is not sufficient to look for policy solutions only in one field of the law, as, e.g. competition law or data protection law, rather an integrated approach from different regulatory perspectives is necessary. This paper focusses on competition policy, consumer policy, and data protection policy as the three main regulatory perspectives that are relevant for privacy concerns. For all three policies it is discussed from an economic perspective how these policies might help to remedy market failures in regard to privacy rights and privacy preferences of individuals, and how a more integrated regulatory approach can be developed.

Digital Markets, Data, and Privacy: Competition Law, Consumer Law, and Data Protection

The traditional malicious uniform resource locator (URL) detection method excessively relies on the matching rules formulated by the network security personnel, which is hard to fully express the text information of the URL. Thus, an improved multilayer recurrent convolutional neural network model based on the YOLO algorithm is proposed to detect malicious URL in this paper. First, single characters are mapped to dense vectors using word embedding, and the dense vectors are participated in the training process of the whole model according to the structural characteristics of the URL in the method. Then, the CSPDarknet neural network model based on the improved YOLO algorithm is proposed to extract features of the URL. Finally, the extracted features are used to evaluate malicious URL by the bidirectional LSTM recurrent neural network algorithm. In order to verify the validity of the algorithm, a total of 200,000 URLs are collected, including 100,000 normal URLs labeled “good” and 100,000 malicious URLs labeled “bad”. The experimental results show that the method detects malicious URLs more quickly and effectively and has high accuracy, high recall rate, and high accuracy compared with Text-RCNN, BRNN, and other models.

/pdf/malicious-url-detection-based-on-improved-multilayer-5e4b3niiqz.pdf

Malicious URL Detection Based on Improved Multilayer Recurrent Convolutional Neural Network Model

Different machine learning and deep learning-based approaches have been proposed for designing defensive mechanisms against various phishing attacks. Recently, researchers showed that phishing attacks can be performed by employing a deep neural network-based phishing URL generating system called DeepPhish. To prevent this kind of attack, we design an ensemble machine learning-based detection system called PhishHaven to identify AI-generated as well as human-crafted phishing URLs. To the best of our knowledge, this is the first study to consider detecting phishing attacks by both AI and human attackers. PhishHaven employs lexical analysis for feature extraction. To further enhance lexical analysis, we introduce URL HTML Encoding to classify URL on-the-fly and proactively compare with some of the existing methods. We also introduce a URL Hit approach to deal with tiny URLs, which is an open problem yet to be solved. Moreover, the final classification of URLs is made on an unbiased voting mechanism in PhishHaven, which aims to avoid misclassification when the number of votes is equal. To speed up the ensemble-based machine learning models, PhishHaven employs a multi-threading approach to execute the classification in parallel, leading to real-time detection. Theoretical analysis of our solution shows that (1) it can always detect tiny URLs, and (2) it can detect future AI-generated Phishing URLs based on our selected lexical features with 100% accuracy. Through experiments, we analyze our solution with a benchmark dataset of 100,000 phishing and normal URLs. The results show that PhishHaven can achieve 98.00% accuracy, outperforming the existing lexical-based human-crafted phishing URLs detection systems.

/pdf/phishhaven-an-efficient-real-time-ai-phishing-urls-detection-1bkmbwwuqj.pdf

PhishHaven—An Efficient Real-Time AI Phishing URLs Detection System

Risks regarding Internet privacy and security have been identified as issues for both new and experienced users of Internet technology. This paper explores the privacy and security threats in centralized search engines and proposes a decentralized search system. The proposed decentralized search system provides privacy and security for its users. The decentralized nature also provides transparency, distributed search and community-driven decisions in the proposed framework. We compare the proposed framework with the existing centralized approach. Our analysis shows that (1) there is no significant difference in search time between the centralized and proposed framework, and (2) the proposed framework is more efficient by providing search results with fewer search resources compared to the centralized approach.

/pdf/a-framework-for-privacy-preserving-distributed-search-engine-3welg17cv4.pdf

A Framework for Privacy Preserving, Distributed Search Engine Using Topology of DLT and Onion Routing

Recently, National Institute of Standards and Technology (NIST) in the U.S. had initiated a global-scale competition to standardize the lightweight authenticated encryption with associated data (AEAD) and hash function. Gimli is one of the Round 2 candidates that is designed to be efficiently implemented across various platforms, including hardware (VLSI and FPGA), microprocessors, and microcontrollers. However, the performance of Gimli in massively parallel architectures like Graphics Processing Units (GPU) is still unknown. A high performance Gimli implementation on GPU can be especially useful to Internet of Things (IoT) applications, wherein the gateway devices and cloud servers need to handle a massive number of communications protected by AEAD. In this paper, we show that with careful optimization, Gimli can be efficiently implemented in desktop and embedded GPU to achieve extremely high throughput. Our experiments show that the proposed Gimli implementation can achieve 661.44 KB/s (encryption), 892.24 KB/s (decryption), and 4344.46 KB/s (hashing) in state-of-the-art GPUs.

cuGimli: optimized implementation of the Gimli authenticated encryption and hash function on GPU for IoT applications

Many people have used public keys in various areas based on public key infrastructure (PKI). PKI provides a method to publicize public keys securely. However, existing PKI methods have a problem that they assume trusted third parties. Therefore, the existing PKIs cannot be used when users cannot trust certificate issuers. To solve this problem, we propose a new trust model and describe its implementation based on blockchain. Users can trust the certificate issued by full nodes even if they do not trust the full nodes themselves. We analyze the security of our model and show that its security can be achieved higher than existing models. This new model can be particularly useful in an environment where a third party cannot be easily trusted.

A PKI without TTP based on conditional trust in blockchain

Attackers use a variety of techniques to insert redirection JavaScript that leads a user to a malicious webpage, where a drive-by-download attack is executed. In particular, the redirection JavaScript in the landing site is obfuscated to avoid detection systems. In this paper, we propose a lightweight detection system based on static analysis to classify the obfuscation type and to promptly detect the obfuscated redirection JavaScript. The proposed model detects the obfuscated redirection JavaScript by converting the JavaScript into an abstract syntax tree (AST). Then, the structure and token information are extracted. Specifically, we propose a lightweight AST to identify the obfuscation type and the revised term frequency-inverse document frequency to efficiently detect the malicious redirection JavaScript. This approach enables rapid identification of the obfuscated redirection JavaScript and proactive blocking of the webpages that are used in drive-by-download attacks.

KyungHyun Han

Papers

PhishHaven—An Efficient Real-Time AI Phishing URLs Detection System

A Framework for Privacy Preserving, Distributed Search Engine Using Topology of DLT and Onion Routing

cuGimli: optimized implementation of the Gimli authenticated encryption and hash function on GPU for IoT applications

A PKI without TTP based on conditional trust in blockchain

Lightweight Detection Method of Obfuscated Landing Sites Based on the AST Structure and Tokens