Online Social Networks (OSNs) are a popular platform for communication and collaboration. Spammers are highly active in OSNs. Uncovering spammers has become one of the most challenging problems in OSNs. Classification-based supervised approaches are the most commonly used method for detecting spammers. Classification-based systems suffer from limitations of “data labelling”, “spam drift”, “imbalanced datasets” and “data fabrication”. These limitations affect the accuracy of a classifier’s detection. An unsupervised approach does not require labelled datasets. We aim to address the limitation of data labelling and spam drifting through an unsupervised approach. We present a pure unsupervised approach for spammer detection based on the peer acceptance of a user in a social network to distinguish spammers from genuine users. The peer acceptance of a user to another user is calculated based on common shared interests over multiple shared topics between the two users. The main contribution of this paper is the introduction of a pure unsupervised spammer detection approach based on users’ peer acceptance. Our approach does not require labelled training datasets. While it does not better the accuracy of supervised classification-based approaches, our approach has become a successful alternative for traditional classifiers for spam detection by achieving an accuracy of 96.9%.
High Frequency communication has been a proven method of beyond line of sight (BLOS) communications for decades. With the advent of Wideband HF (WBHF), the ability to communicate data and more specifically TCP over HF is being researched worldwide. HF-TCP, an optimised TCP for HF links, provides improved TCP communication over challenging High Frequency (HF) communication systems. It relies on the modification of Forced Retransmission Timeout (fRTO) and Mean Segment Size (MSS) to improve the reliability of communication sessions. Calculating the fRTO for a communication session that would provide the optimum result over a communication link is a complex task due to the timers that manage the session and the HF channel characteristics. In this paper, the use of Machine Learning (ML) techniques to dynamically predict fRTO and MSS to improve the fRTO calculation process for all communication instances is proposed. To achieve this, a Predictor Model is used to predict fRTO and MSS while an Optimiser model optimises the Predictor model's output. Decision Tree Regression was proven to be the most accurate among the various ML algorithms tested with 82 percent prediction accuracy. The performance of HF-TCP with proposed predicted fRTO and MSS is compared with that of standard TCP and the performance of the Predictor and Optimiser models is also analysed. The results show 72 percent of instances have an improvement in link efficiency when using HF-TCP with predicted fRTO and MSS over standard TCP.
In intelligent vehicular networks, vehicles have enhanced sensing capabilities and carry computing and communication platforms to enable new versatile systems known as Vehicular Communication (VC) systems. Vehicles communicate with other vehicles and with nearby fixed equipment to support different applications, including those which increase driver awareness of the surroundings. This should result in improved safety and may optimize traffic. However, VC systems are vulnerable to cyber attacks involving message manipulation. Research aimed at tackling this problem has resulted in the proposal of multiple authentication protocols. Several existing survey papers have attempted to classify some of these protocols based on a limited set of characteristics. However, to date there is no generic framework to support the comparison of these protocols and provide guidance for design and evaluation. Most existing classifications either use computation complexity of cryptographic techniques as a criterion, or they fail to make connections between different important aspects of authentication. This paper provides such a framework, proposing a new taxonomy to enable a consistent means of classifying authentication schemes based upon seven main criteria. The main contribution of this study is a framework to enable protocol designers and investigators to adequately compare and select authentication schemes when deciding on particular protocols to implement in an application. Our framework can be applied in design, making choices appropriate for the intended context in both intra-vehicle and inter-vehicle communications. We demonstrate the application of our framework using two different types of case study: individual analysis and hypothetical design. Additionally, this work makes several related contributions.
We present the network model, outline the applications, list the communication patterns and the underlying standards, and discuss the necessity of using cryptography and key management in VC systems. We also review the threats, authentication, and privacy requirements in vehicular networks.
In recent decades, cyber security issues in IEC 61850-compliant substation automation systems (SASs) have become growing concerns. Many researchers have developed various strategies to detect malicious behaviours of SASs during the system operational stage, such as anomaly-based detection. However, most existing anomaly-based detection methods identify an abnormal behaviour by checking every single network packet without any association. These traditional methods cannot effectively detect "stealthy" attacks which modify legitimate messages slightly while imitating patterns of benign behaviours. In this paper, we present feature selection and extraction methods to generalise and summarise critical features when detecting insider attacks triggering from untrusted control devices within SASs. By applying a sliding window-based sequential classification mechanism, our detection method can detect anomalies across multiple devices without the need to learn datasets collected from all devices. Firstly, to generalise critical features and summarise systems' behaviours so that it is unnecessary to collect all datasets, we selected and extracted six critical network features from generic object-oriented substation events (GOOSE) messages and seven summarised physical features based on the general architecture of the primary plant of distribution substations. After that, to improve detection accuracy and reduce computational costs, we applied sliding window algorithms to divide datasets into different overlapped window-based snippets. Then we applied a sequential classification model based on Bidirectional Long Short-Term Memory networks to train and test those datasets. As a result, our method can detect insider attacks across multiple devices accurately with a false-negative rate of less than 1%.
Energy market trading systems are undergoing rapid transformation due to an increasing demand for renewable energy sources to be integrated into the power grid, coupled with the dynamic and evolving needs of future energy customers. In the current energy trading system, which is based on mega power generation, energy is traded by insecure means of communication based on mutual trust. In addition, electricity from both renewable and non-renewable sources is mixed in the grid, impeding customers' ability to definitively track the source of energy dispatched to their premises. Although blockchain technology has been studied for energy trading on a peer-to-peer microgrid trading, to our knowledge none of the previous work focused on using blockchain for trading energy in a national wholesale energy market in macrogrid. In this paper, we address security architectures required of the energy market trading system in an Australian context, we propose a cryptocurrency token-based structure and a smart contract that provides data confidentiality that verifies and audits transactional records. The proposed trading system architecture not only enhances overall system security but provides additional capabilities in the operation of the scheme so that sources of energy dispatched to customer premises are known. The energy market trading system we propose also presents higher security compared to existing trading systems.
Wireless broadcast transmission enables Inter-vehicle or Vehicle-to-Vehicle (V2V) communication among nearby vehicles and with nearby fixed equipment, referred to as Road Side Units (RSUs). The vehicles and RSUs within transmission range establish a self-organizing network called Vehicular Ad-hoc Network (VANET). The V2V communication in VANETs is vulnerable to cyber-attacks involving message manipulation. Thus, mechanisms should be applied to ensure both the authenticity and integrity of the data broadcast. However, due to privacy concerns, it is important to avoid the use of identifiers that may aid tracking and surveillance of drivers. This is a serious constraint on authentication mechanisms. Recently, Wang et al. [1] proposed A Two-Factor Lightweight Privacy Preserving Authentication Scheme for VANET named 2FLIP. They claim that their scheme includes a secure system-key update protocol to restore the whole system when necessary. In this paper, we show that this is incorrect: 2FLIP does not provide perfect forward secrecy. This results in a known-key attack, as well as message forgery attack by an external adversary who may be an unregistered vehicle user. This external adversary can generate valid anonymous messages and further, they cannot be traced. The 2FLIP scheme is efficient, so we propose a modification to improve the security. We provide a formal security proof to show that our proposal is indeed provably secure. We demonstrate the efficiency of our proposal by conducting extensive performance analysis. We believe the enhanced system-key update protocol will be useful for application by researchers and designers in current and future VANET authentication schemes.
pruning methods that can be used to reduce graph size to manageable levels by removing information irrelevant to vulnerabilities, while preserving relevant information. We present "Semantic-enhanced Code Embedding for Vulnerability Detection" (SCEVD), a deep learning model for vulnerability detection that seeks to fill these gaps by using more detailed information about code semantics to select vulnerability-relevant features from code graphs. We propose several heuristic-based pruning methods, implement them as part of SCEVD, and conduct experiments to verify their effectiveness. Our heuristic-based pruning improves on vulnerability detection results by up to 12% over the baseline pruning method.
Industrial control systems (ICS) are moving from dedicated communications to switched and routed corporate networks, exposing them to the Internet and placing them at risk of cyber-attacks. Existing methods of detecting cyber-attacks, such as intrusion detection systems (IDSs), are commonly implemented in ICS and SCADA networks. However, these devices do not detect more complex threats that manifest themselves gradually over a period of time through a combination of unusual sequencing of activities, such as process-related attacks. During the normal operation of ICSs, ICS devices record device logs, capturing their industrial processes over time. These logs are a rich source of information that should be analysed in order to detect such process-related attacks.
In this paper, we present a novel process mining anomaly detection method for identifying anomalous behaviour and cyber-attacks using ICS data logs and the conformance checking analysis technique from the process mining discipline. A conformance checking analysis uses logs captured from production systems with a process model (which captures the expected behaviours of a system) to determine the extent to which real behaviours (captured in the logs) match the expected behaviours (captured in the process model). The contributions of this paper include an experimentally derived recommendation for logging practices on ICS devices, for the purpose of process mining-based analysis; a formalised approach for pre-processing and transforming device logs from ICS systems into event logs suitable for process mining analysis; guidance on how to create a process model for ICSs and how to apply the created process model through a conformance checking analysis to identify anomalous behaviours. Our anomaly detection method has been successfully applied in detecting ICS cyber-attacks, which the widely used IDS Snort does not detect, using logs derived from industry standard ICS devices.
The Distributed Network Protocol version 3 (DNP3) provides Secure Authentication (DNP3-SA) as the mechanism to authenticate unicast messages from a master station to its outstations in supervisory control and data acquisition systems. In large-scale systems, it may be necessary to broadcast a critical request from a master station to multiple outstations at once. The DNP3 protocol standard describes the use of broadcast communication; however, it does not specify its security. This paper is the first to present DNP3 Secure Authentication for Broadcast (DNP3-SAB), a new lightweight security scheme for broadcast mode communication. This scheme is based on hash chain and only makes use of the existing cryptographic primitives specified in DNP3-SA. The scheme integrates itself into the DNP3-SA key update process. The proposed scheme is modeled, validated, and verified using colored Petri Nets against the most common protocol attacks such as modification, injection, and replay. Performance analysis on our scheme and the existing DNP3-SA modes (NACR and AGM) shows that DNP3-SAB reduces the communication overhead significantly at the cost of an increase with a constant term in processing and storage overhead. This benefit is maintained even when DNP3-SAB is under attack.
Detection and prevention of global navigation satellite system (GNSS) "spoofing" attacks, or the broadcast of false global navigation satellite system services, has recently attracted much research interest. This survey aims to fill three gaps in the literature: first, to assess in detail the exact nature of threat scenarios posed by spoofing against the most commonly cited targets; second, to investigate the many practical impediments, often underplayed, to carrying out GNSS spoofing attacks in the field; and third, to survey and assess the effectiveness of a wide range of proposed defences against GNSS spoofing. Our conclusion lists promising areas of future research.