Survey and taxonomy of information-centric vehicular networking security attacks

Phishing is a malicious and deliberate act of sending counterfeit messages or mimicking a webpage. The goal is either to steal sensitive credentials like login information and credit card details or to install malware on a victim’s machine. Browser-based cyber threats have become one of the biggest concerns in networked architectures. The most prolific form of browser attack is tabnabbing which happens in inactive browser tabs. In a tabnabbing attack, a fake page disguises itself as a genuine page to steal data. This paper presents a multi agent based tabnabbing detection technique. The method detects heuristic changes in a webpage when a tabnabbing attack happens and give a warning to the user. Experimental results show that the method performs better when compared with state of the art tabnabbing detection techniques.

Download Full-text

A Study on Security Attacks in Wireless Sensor Network

2021 International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) ◽

10.1109/icacite51222.2021.9404619 ◽

2021 ◽

Author(s):

Rajwinder Kaur ◽

Jasminder Kaur Sandhu

Keyword(s):

Wireless Sensor Network ◽

Sensor Network ◽

Wireless Sensor ◽

Security Attacks

Download Full-text

A Simulation Software for the Evaluation of Vulnerabilities in Reputation Management Systems

ACM Transactions on Computer Systems ◽

10.1145/3458510 ◽

2021 ◽

Vol 37 (1-4) ◽

pp. 1-30

Author(s):

Vincenzo Agate ◽

Alessandra De Paola ◽

Giuseppe Lo Re ◽

Marco Morana

Keyword(s):

Quality Of Service ◽

Distributed Systems ◽

State Of The Art ◽

Simulation Software ◽

Reputation Management ◽

Management Systems ◽

Security Attacks ◽

Vulnerability Evaluation ◽

Multi Agent

Multi-agent distributed systems are characterized by autonomous entities that interact with each other to provide, and/or request, different kinds of services. In several contexts, especially when a reward is offered according to the quality of service, individual agents (or coordinated groups) may act in a selfish way. To prevent such behaviours, distributed Reputation Management Systems (RMSs) provide every agent with the capability of computing the reputation of the others according to direct past interactions, as well as indirect opinions reported by their neighbourhood. This last point introduces a weakness on gossiped information that makes RMSs vulnerable to malicious agents’ intent on disseminating false reputation values. Given the variety of application scenarios in which RMSs can be adopted, as well as the multitude of behaviours that agents can implement, designers need RMS evaluation tools that allow them to predict the robustness of the system to security attacks, before its actual deployment. To this aim, we present a simulation software for the vulnerability evaluation of RMSs and illustrate three case studies in which this tool was effectively used to model and assess state-of-the-art RMSs.

Download Full-text

A study of the cloud security attacks and threats

Journal of Physics Conference Series ◽

10.1088/1742-6596/1964/4/042061 ◽

2021 ◽

Vol 1964 (4) ◽

pp. 042061

Author(s):

V Sureshkumar ◽

B Baranidharan

Keyword(s):

Cloud Security ◽

Security Attacks

Download Full-text

Software-driven Security Attacks: From Vulnerability Sources to Durable Hardware Defenses

ACM Journal on Emerging Technologies in Computing Systems ◽

10.1145/3456299 ◽

2021 ◽

Vol 17 (3) ◽

pp. 1-38

Author(s):

Lauren Biernacki ◽

Mark Gallagher ◽

Zhixing Xu ◽

Misiker Tadesse Aga ◽

Austin Harris ◽

...

Keyword(s):

Life Cycle ◽

Case Studies ◽

Gain Control ◽

Illustrative Case ◽

Security Attacks ◽

Specific Point ◽

Security Vulnerabilities ◽

Significant Challenge ◽

Hardware Realization ◽

Over Time

There is an increasing body of work in the area of hardware defenses for software-driven security attacks. A significant challenge in developing these defenses is that the space of security vulnerabilities and exploits is large and not fully understood. This results in specific point defenses that aim to patch particular vulnerabilities. While these defenses are valuable, they are often blindsided by fresh attacks that exploit new vulnerabilities. This article aims to address this issue by suggesting ways to make future defenses more durable based on an organization of security vulnerabilities as they arise throughout the program life cycle. We classify these vulnerability sources through programming, compilation, and hardware realization, and we show how each source introduces unintended states and transitions into the implementation. Further, we show how security exploits gain control by moving the implementation to an unintended state using knowledge of these sources and how defenses work to prevent these transitions. This framework of analyzing vulnerability sources, exploits, and defenses provides insights into developing durable defenses that could defend against broader categories of exploits. We present illustrative case studies of four important attack genealogies—showing how they fit into the presented framework and how the sophistication of the exploits and defenses have evolved over time, providing us insights for the future.

Download Full-text

An Optimized Stacking Ensemble Model for Phishing Websites Detection

Electronics ◽

10.3390/electronics10111285 ◽

2021 ◽

Vol 10 (11) ◽

pp. 1285

Author(s):

Mohammed Al-Sarem ◽

Faisal Saeed ◽

Zeyad Ghaleb Al-Mekhlafi ◽

Badiea Abdulkarem Mohammed ◽

Tawfik Al-Hadhrami ◽

...

Keyword(s):

Machine Learning ◽

Random Forests ◽

Ensemble Method ◽

Detection Methods ◽

Detection Accuracy ◽

Ensemble Model ◽

Security Attacks ◽

Data Set ◽

Machine Learning Methods ◽

Ensemble Machine Learning

Security attacks on legitimate websites to steal users’ information, known as phishing attacks, have been increasing. This kind of attack does not just affect individuals’ or organisations’ websites. Although several detection methods for phishing websites have been proposed using machine learning, deep learning, and other approaches, their detection accuracy still needs to be enhanced. This paper proposes an optimized stacking ensemble method for phishing website detection. The optimisation was carried out using a genetic algorithm (GA) to tune the parameters of several ensemble machine learning methods, including random forests, AdaBoost, XGBoost, Bagging, GradientBoost, and LightGBM. The optimized classifiers were then ranked, and the best three models were chosen as base classifiers of a stacking ensemble method. The experiments were conducted on three phishing website datasets that consisted of both phishing websites and legitimate websites—the Phishing Websites Data Set from UCI (Dataset 1); Phishing Dataset for Machine Learning from Mendeley (Dataset 2, and Datasets for Phishing Websites Detection from Mendeley (Dataset 3). The experimental results showed an improvement using the optimized stacking ensemble method, where the detection accuracy reached 97.16%, 98.58%, and 97.39% for Dataset 1, Dataset 2, and Dataset 3, respectively.

Download Full-text