The proliferation of IoT systems has seen them targeted by malicious third parties. To address this challenge, realistic protection and investigation countermeasures, such as network intrusion detection and network forensic systems, need to be effectively developed. For this purpose, a well-structured and representative dataset is paramount for training and validating the credibility of the systems. Although there are several network datasets, in most cases, not much information is given about the Botnet scenarios that were used. This paper proposes a new dataset, so-called Bot-IoT, which incorporates legitimate and simulated IoT network traffic, along with various types of attacks. We also present a realistic testbed environment for addressing the existing dataset drawbacks of capturing complete network information, accurate labeling, as well as recent and complex attack diversity. Finally, we evaluate the reliability of the BoT-IoT dataset using different statistical and machine learning methods for forensics purposes compared with the benchmark datasets. This work provides the baseline for allowing botnet identification across IoT-specific networks. The Bot-IoT dataset can be accessed at Bot-iot (2018).
• Designing a new realistic Bot-IoT dataset and giving a detailed description of designing the testbed configuration and simulated IoT sensors.
• Analyzing the proposed features of the dataset using Correlation Coefficient and Joint Entropy techniques.
• Evaluating the performance of network forensic methods, based on machine and deep learning algorithms using the botnet-IoT dataset compared with popular datasets.
With the prevalence of Internet of Things (IoT) systems, inconspicuous everyday household devices are connected to the Internet, providing automation and real-time services to their users. In spite of their light-weight design and low power, their vulnerabilities often give rise to cyber risks that harm their operations over network systems. One of the key challenges of securing IoT networks is tracing sources of cyber-attack events, along with obfuscating and encrypting network traffic. This study proposes a new network forensics framework, called a Particle Deep Framework (PDF), which describes the digital investigation phases for identifying and tracing attack behaviors in IoT networks. The proposed framework includes three new functions: (1) extracting network data flows and verifying their integrity to deal with encrypted networks; (2) utilizing a Particle Swarm Optimization (PSO) algorithm to automatically adapt parameters of deep learning; and (3) developing a Deep Neural Network (DNN) based on the PSO algorithm to discover and trace abnormal events from IoT networks of smart homes. The proposed PDF is evaluated using the Bot-IoT and UNSW_NB15 datasets and compared with various deep learning techniques. Experimental results reveal a high performance of the proposed framework for discovering and tracing cyber-attack events compared with the other techniques.
• Particle Deep Framework for Internet of Things Network Forensics presented.
• Deep Neural Network optimization through Particle Swarm Optimization.
• Analysis of experimental results indicates high accuracy, precision and recall.
Cyber-physical systems (CPS) generate big data collected from combining physical and digital entities, but the challenge of CPS privacy-preservation demands further research to protect CPS sensitive information from unauthorized access. Data mining, perturbation, transformation and encryption are techniques extensively used to preserve private information from disclosure whilst still providing insight, but these are limited in their effectiveness in still allowing high-level analysis. This paper studies the role of big data component analysis for protecting sensitive information from illegal access. The independent component analysis (ICA) technique is applied to transform raw CPS information into a new shape whilst preserving its data utility. The mechanism is evaluated using the power CPS dataset, and the results reveal that the technique is more effective than four other privacy-preservation techniques, obtaining a higher level of privacy protection. In addition, the data utility is tested using three machine learning algorithms to estimate their capability of identifying normal and attack patterns before and after transformation.
The constant miniaturization of hardware and an increase in power efficiency have made possible the integration of intelligence into ordinary devices. This trend of augmenting so-called non-intelligent everyday devices with computational capabilities has led to the emergence of the Internet of Things (IoT) domain. With a wide variety of applications, such as home automation, smart grids/cities, and critical infrastructure management, the IoT systems make compelling targets for cyber-attacks. In order to effectively compromise these systems, adversaries employ different advanced persistent threat (APT) methods, with one such sophisticated method being botnets. By employing a plethora of infected machines (bots), attackers manage to compromise the IoT systems and exploit them. Prior to the appearance of the IoT domain, specialized digital forensics mechanisms were developed in order to investigate Botnet activities in small-scale systems. Since IoT-enabled botnets are scalable, technologically diverse and make use of current high-speed networks, developing forensic mechanisms capable of investigating the IoT Botnet activities has become an important challenge in the cyber-security field. Various studies have proposed deep learning as a viable solution for handling the IoT generated data, as it was designed to handle diverse data in large volumes, requiring near real-time processing. In this study, we provide a review of forensics and deep learning mechanisms employed to investigate botnets and their applicability in the IoT environments. We provide a new definition for the IoT, in addition to a taxonomy of network forensic solutions that were developed for both conventional as well as IoT settings. Furthermore, we investigate the applicability of deep learning in network forensics, the inherent challenges of applying network forensics techniques to the IoT, and provide future direction for research in this field.
Much value in a brownfield Industrial Internet of Things (IIoT) implementation resides at its edge tier, where new types of devices and technologies are deployed to interoperate the legacy industrial control systems with servers and systems in the cloud, and leverage the benefits of the Internet of Things technologies. One of these novel devices is the IIoT edge gateway, which is used to connect critical physical systems with the cyber world, and to provide consistent storage, processing, and analytical and controlling capabilities. However, these devices also come with new and advanced threats such as targeted ransomware. In this paper, we investigate this threat in detail. We studied the threat actors' motivations, the anatomy of ransomware for edge gateways, and the likelihood of such a ransomware attack happening in the future. We found that threat actors find IIoT edge gateways attractive ransomware targets due to their vital roles and functionalities in working with critical infrastructure and that the likelihood of such an attack occurring is high. We built the first version of a ransomware security testbed for IIoT, and for test purposes, we developed a first version of ransomware targeted at an IIoT edge gateway in a brownfield system. From our measurements we conclude that kernel-related activity parameters are significant indicators of the abnormal behavior caused by crypto-ransomware attacks in IIoT edge gateways, much more so even than for similar attacks in information technology server workstations. Thereby, some potential countermeasures for addressing targeted ransomware in IIoT systems are recommended as proactive strategies for dealing with attackers' new techniques and tactics.
Industrial Internet of Things (IIoT) systems are considered attractive ransomware targets because they operate critical services that affect human lives and have substantial operational costs. The major concern is with brownfield IIoT systems since they have legacy edge systems that are not fully prepared to integrate with IoT technologies. Various existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous and distributed nature of the IIoT systems and their interoperability demands. Consequently, developing new detection solutions is essential. Therefore, this paper proposes a novel targeted ransomware detection model tailored for IIoT edge systems. It uses Asynchronous Peer-to-Peer Federated Learning (AP2PFL) and Deep Learning (DL) techniques as a targeted ransomware detection algorithm. The proposed model consists of two modules: 1) Data Purifying Module (DPM) aims to refine and reconstruct a valuable and robust representation of data based on Contractive Denoising Auto-Encoder (CDAE), and 2) Diagnostic and Decision Module (DDM) is used to identify targeted ransomware and its stages based on Deep Neural Network (DNN) and Batch Normalization (BN). The main strengths of this proposed model include: 1) each edge gateway's modules work cooperatively with its neighbors in an asynchronous manner and without a third party, 2) it deals with both homogeneous and heterogeneous data, and 3) it is robust against evasion attacks. An exhaustive set of experiments on three datasets proves the high effectiveness of the proposed model in detecting targeted ransomware (known and unknown attacks) in brownfield IIoT and its superiority over the state-of-the-art models.
Existing failure criteria for orthotropic materials are subject to an underlying assumption which causes contradictions when applied to genuinely orthotropic materials that are significantly anisotropic in elasticity as well as in strengths. For such materials, there is a lack of consistent failure criteria to support their applications in engineering structures. A general quadratic failure criterion tends to leave undetermined coefficients for interactive terms. A rational approach is adopted in this paper based on mathematical and logical considerations to determine these coefficients as the objective of this paper. Considerations are based on the intrinsic characteristics of the quadric surfaces introduced by the quadratic failure criterion. These coefficients must take the values as obtained, leaving no alternatives if logic prevails. The obtained criterion integrates for the first time a range of criteria separately formulated for materials of different degrees of anisotropy, from genuinely orthotropic, through transversely isotropic, cubically symmetric, to completely isotropic ones with different or identical tensile and compression strengths.
The nonlinear along-fibre shear stress–strain relationship for unidirectionally fibre-reinforced composites has been investigated in this paper aiming at its applications in general 3D stress conditions in a consistent manner. So far, such a relationship has only been addressed in plane stress conditions. In this paper, it has been shown that its straightforward generalisation to 3D stress states lacks objectivity, which is a basic requirement for all theoretical studies of physical problems. A new formulation is proposed based on the stress invariants and the complementary strain energy guided by the rational theoretical framework of nonlinear elasticity. A consistent and objective stress–strain relationship has been obtained and verified through an example of application to a torsion problem.
Cyber-Physical Systems (CPS) underpin global critical infrastructure, including power, water, gas systems and smart grids. CPS, as a technology platform, is unique as a target for Advanced Persistent Threats (APTs), given the potentially high impact of a successful breach. Additionally, CPSs are targets as they produce significant amounts of heterogeneous data from the multitude of devices and networks included in their architecture. It is, therefore, essential to develop efficient privacy-preserving techniques for safeguarding system data from cyber attacks. This paper introduces a comprehensive review of the current privacy-preserving techniques for protecting CPS systems and their data from cyber attacks. Concepts of privacy preservation and CPSs are discussed, demonstrating CPSs' components and the way these systems could be exploited by either cyber or physical hacking scenarios. Then, classification of privacy preservation according to the way they would be protected, including perturbation, authentication, machine learning (ML), cryptography and blockchain, are explained to illustrate how they would be employed for data privacy preservation. Finally, we show existing challenges, solutions and future research directions of privacy preservation in CPSs.
The quadratic function of the original Tsai–Wu failure criterion for transversely isotropic materials is re-examined in this paper. According to analytic geometry, two of the troublesome coefficients associated with the interactive terms—one between in-plane direct stresses and one between transverse direct stresses—can be determined based on mathematical and logical considerations. The analysis of the nature of the quadratic failure function in the context of analytic geometry enhances the consistency of the failure criterion based on it. It also reveals useful physical relationships as intrinsic properties of the quadratic failure function. Two clear statements can be drawn as the outcomes of the present investigation. Firstly, to maintain its basic consistency, a failure criterion based on a single quadratic failure function can only accommodate five independent strength properties, viz. the tensile and compressive strengths in the directions along fibres and transverse to fibres, and the in-plane shear strength. Secondly, amongst the three transverse strengths—tensile, compressive and shear—only two are independent.