In recent years, the Internet of Vehicles (IoV) has been in a booming stage. At the same time, attacks against IoV such as Denial of Service (DoS) and deception pose great threats to personal and social security. Traditional IoV intrusion detection usually adopts a centralized detection model, which has the disadvantages of untimely detection results and difficulty protecting vehicle privacy in practical applications. Meanwhile, centralized computation requires a large amount of vehicle data transmission, which overloads the wireless bandwidth. Combining the distributed computing resources of Federated Learning (FL) with the decentralized features of blockchain, an IoV intrusion detection framework named IoV-BCFL is proposed, which is capable of distributed intrusion detection and reliable logging with privacy protection. FL is used to distribute training across vehicle nodes and to aggregate the trained models at the Road Side Unit (RSU), reducing data transmission, protecting the privacy of training data, and ensuring the security of the model. A blockchain-based intrusion logging mechanism is presented, which enhances vehicle privacy protection through Rivest-Shamir-Adleman (RSA) encryption and uses the InterPlanetary File System (IPFS) to store the intrusion logs. After an intrusion is detected, the intrusion behavior is faithfully recorded by a logging smart contract, which can be used to track intruders, analyze security vulnerabilities, and collect evidence. Experiments on different open source datasets show that FL achieves high detection rates on intrusion data and effectively reduces communication overhead, and that the smart contract performs well on evaluation indicators such as sending rate, latency, and throughput.
CCTV surveillance systems are IoT products that can be found almost everywhere. Their digital forensic analysis often plays a key role in solving crimes. However, it is common for these devices to use proprietary file systems, which frequently hinders a complete examination. HIKVISION is a well-known manufacturer of such devices that typically ships its products with its proprietary file system. The HIKVISION file system has been analyzed before, but that research focused on the recovery of video footage. In this paper, the HIKVISION file system is revisited with regard to the log records it stores. More specifically, these log records are thoroughly examined to uncover both their structure and their meaning. These unexplored pieces of evidence remain unexploited by major commercial forensic software, yet they can contain critical information for an investigation. To further assist digital forensic examiners with their analysis, a Python utility, namely the Hikvision Log Analyzer, was developed as part of this study to automate part of the process.
CCTV surveillance systems are ubiquitous IoT appliances. Their forensic examination has proven critical for investigating crimes. DAHUA Technology is a well-known manufacturer of such products. Despite its global market share, research regarding digital forensics of DAHUA Technology CCTV systems is scarce and currently limited to extracting their video footage, overlooking the potential presence of valuable artifacts within their log records. These pieces of evidence remain unexploited by major commercial forensic software, yet they can hide vital information for an investigation. For instance, these log records document user actions, such as formatting the CCTV system's hard drive or disabling camera recording. This information can assist in attributing nefarious actions to specific users and hence can be invaluable for understanding the sequence of events related to incidents. Therefore, in this paper, several DAHUA Technology CCTV systems are thoroughly analyzed for these unexplored pieces of evidence, and their forensic value is presented.
The fact that users and applications acquire information through web sites on the internet means that document and information sharing, banking and other operational processes are increasing day by day. Recently, however, with the widespread use of the internet, security problems such as unauthorized access, data breaches, code infection, malware infections, data leaks and distributed denial of service attacks have emerged. This situation necessitates the protection of the information used in personal and public spaces. In this study, a common model was created to detect user intrusions by taking into account criteria such as the number of transactions performed, the users' IP addresses, the amount of data they use, the transaction types they perform and the roles they undertake. In this way, the aim was to ensure database security by detecting risky user groups in advance.
In healthcare information management, privacy and confidentiality are two major concerns usually satisfied by access control means. Traditional access control mechanisms prevent illegal access by checking access rights before executing an action. They have some limitations, such as inflexibility in unanticipated circumstances (e.g., emergencies). Recently, a posteriori access control has been proposed to complement a priori protection for a more effective and flexible solution. It controls access by deterring users from making unauthorized accesses. To be deployed, a posteriori access control needs evidence to prove the users' violations. In this paper, we show how log records defined by the Integrating the Healthcare Enterprise Audit Trail and Node Authentication (ATNA) profile can be used to deploy an a posteriori access control system. To develop an efficient method for finding violations, we propose a framework that customizes ATNA log records according to a contextual security policy such as Organization-Based Access Control. The experiments we conducted are also presented.
Anomaly Detection in Log Records. Ghuli, Poonam.
Indonesian Journal of Electrical Engineering and Computer Science, 04/2018, Volume 10, Issue 1.
Journal Article. Open access.
Complex software systems continuously generate application and server logs for the events that have occurred in the past. These logs can be utilized for anomaly or intrusion detection and for outlier detection. Certain types of abnormalities or exceptions, such as spikes in HTTP requests or the number of exceptions raised in logs, are logged into the log files for further analysis. These types of events are generally used for predicting future anomalies. The developed prototype assumes that the user inputs log records in the standard Apache log format. First, the user uploads the log file for outlier detection. Next, the prototype extracts the number of HTTP requests for outlier detection. Then anomalies in the number of HTTP requests are detected using three techniques, namely the Interquartile Range method, moving averages and Median Absolute Deviation. Once the outliers are detected, they are removed from the current dataset. This output is given as input to a Multilayer Perceptron model to predict the number of HTTP requests at the next timestamp.
Information Security Policies are used for expressing the high-level security objectives of an enterprise. The different IT assets are configured to protect the enterprise from attackers. The configured assets generate log records as descriptions of the events happening in the system. Published literature focuses on the behavioral aspects of users in complying with the policies. This paper presents a novel idea of checking compliance with Information Security Policies from the log records. The paper presents a formal description of compliance and goes on to describe the representation of the different entities, such as Policies, Rules, Events and Logs, for the automatic Compliance checker.
Towards Blockchain-Driven Network Log Management System. Rakib, Mohammad Habibullah; Hossain, Showkot; Jahan, Mosarrat ...
2020 IEEE 8th International Conference on Smart City and Informatization (iSCI), 2020-Dec.
Conference Proceeding.
Log data is crucial for detecting mischievous activities conducted in a computing environment. Traditional log management systems that depend on cloud and centralized storage servers are vulnerable to a single point of failure and lack transparency and trust, since adversaries can tamper with log records. In the literature, blockchain has been used to design log storage that resolves these issues. Although some solutions have been introduced, the existing works still cannot guarantee log data confidentiality and lack an efficient query mechanism, a real-time implementation, and a performance analysis. In this paper, we propose a blockchain-based network log data storage, query, and audit system. We have implemented and deployed the scheme in a physical networking environment to collect log records. Our system ensures transparency, data accountability, and data confidentiality, and incurs low overhead in our performance analysis. Our work demonstrates the feasibility of using blockchain to build a time-efficient log management system while ensuring the privacy of log data.
The growth of network technology and easy internet access are the key enablers for the development and use of the Database-as-a-Service (DaaS) technique. With DaaS, it is necessary to ensure the safe and correct operation of any industry. In many cases, the types of data records used to conduct security audits are considered sensitive, as they could reveal information about internal network structures, the types of software running, and private customer or employee information. In this paper we suggest a technique based on a system of linear equations, which enables a trusted party to give the service provider's server the ability to test whether a given keyword appears in log records while the server learns nothing about the keyword or the log content. We compare our scheme with existing encryption schemes and prove that our scheme is efficient and secure.
Virtual Machines (VMs) refer to the software implementation of a computer that runs its own operating system and applications as if it were a physical machine. Live migration of VMs allows a server administrator to move a running virtual machine between different physical machines without disconnecting the client or application. Total migration time and downtime are the two key performance metrics that the clients of a VM service care about most, because they are concerned about service degradation and the duration for which the service is completely unavailable. Among the existing approaches for live VM migration, the pre-copy approach transfers the VM in a manner that balances the requirements of minimizing both the downtime and the total migration time. However, this approach is inefficient when the page-dirtying rate is very high, because the total migration time increases with it. We propose a method in which the migration time can be reduced by transferring the pages that have not been recently used and by sending the log records of modifications instead of resending the dirty pages.