Election Security in the Cloud: A CTF Activity to Teach Cloud and Web Security

With the rapid increase in the volume of e-commerce, the security of web-based transactions is of increasing concern. A widespread but dangerously incorrect belief among web users is that all security issues are taken care of when a website uses HTTPS (secure HTTP). While HTTPS does provide security, websites are often developed and deployed in ways that make them and their users vulnerable to hackers. In this article we explore some of these vulnerabilities. We first introduce the key ideas and then provide several experiential learning exercises so that readers can understand the challenges and possible solutions to them in a hands-on manner.

Download Full-text

The evolution from Traditional to Intelligent Web Security: Systematic Literature Review

2020 International Symposium on Networks, Computers and Communications (ISNCC) ◽

10.1109/isncc49221.2020.9297240 ◽

2020 ◽

Author(s):

Carlos Jose Martinez Santander ◽

Hugo Moreno ◽

Myriam Beatriz Hernandez Alvarez

Keyword(s):

Literature Review ◽

Systematic Literature Review ◽

Web Security

Download Full-text

Security of Things Intrusion Detection System for Smart Healthcare

Electronics ◽

10.3390/electronics10121375 ◽

2021 ◽

Vol 10 (12) ◽

pp. 1375

Author(s):

Celestine Iwendi ◽

Joseph Henry Anajemba ◽

Cresantus Biamba ◽

Desire Ngabo

Keyword(s):

Genetic Algorithm ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Detection Rate ◽

Web Security ◽

Intrusion Detection Systems ◽

High Detection Rate ◽

Detection Systems ◽

Smart Healthcare

Web security plays a very crucial role in the Security of Things (SoT) paradigm for smart healthcare and will continue to be impactful in medical infrastructures in the near future. This paper addressed a key component of security-intrusion detection systems due to the number of web security attacks, which have increased dramatically in recent years in healthcare, as well as the privacy issues. Various intrusion-detection systems have been proposed in different works to detect cyber threats in smart healthcare and to identify network-based attacks and privacy violations. This study was carried out as a result of the limitations of the intrusion detection systems in responding to attacks and challenges and in implementing privacy control and attacks in the smart healthcare industry. The research proposed a machine learning support system that combined a Random Forest (RF) and a genetic algorithm: a feature optimization method that built new intrusion detection systems with a high detection rate and a more accurate false alarm rate. To optimize the functionality of our approach, a weighted genetic algorithm and RF were combined to generate the best subset of functionality that achieved a high detection rate and a low false alarm rate. This study used the NSL-KDD dataset to simultaneously classify RF, Naive Bayes (NB) and logistic regression classifiers for machine learning. The results confirmed the importance of optimizing functionality, which gave better results in terms of the false alarm rate, precision, detection rate, recall and F1 metrics. The combination of our genetic algorithm and RF models achieved a detection rate of 98.81% and a false alarm rate of 0.8%. This research raised awareness of privacy and authentication in the smart healthcare domain, wireless communications and privacy control and developed the necessary intelligent and efficient web system. Furthermore, the proposed algorithm was applied to examine the F1-score and precisionperformance as compared to the NSL-KDD and CSE-CIC-IDS2018 datasets using different scaling factors. The results showed that the proposed GA was greatly optimized, for which the average precision was optimized by 5.65% and the average F1-score by 8.2%.

Download Full-text

RBP: a website fingerprinting obfuscation method against intelligent fingerprinting attacks

Journal of Cloud Computing Advances Systems and Applications ◽

10.1186/s13677-021-00244-8 ◽

2021 ◽

Vol 10 (1) ◽

Author(s):

Tao Luo ◽

LiangMin Wang ◽

ShangNan Yin ◽

Hao Shentu ◽

Hui Zhao

Keyword(s):

Data Security ◽

Arrival Time ◽

State Of The Art ◽

Web Security ◽

Security And Privacy ◽

Low Delay ◽

Defense Technology ◽

The Difference ◽

Bandwidth Overhead ◽

Traffic Analysis Attack

AbstractEdge computing has developed rapidly in recent years due to its advantages of low bandwidth overhead and low delay, but it also brings challenges in data security and privacy. Website fingerprinting (WF) is a passive traffic analysis attack that threatens website privacy which poses a great threat to user’s privacy and web security. It collects network packets generated while a user accesses website, and then uses a series of techniques to discover patterns of network packets to infer the type of website user accesses. Many anonymous networks such as Tor can meet the need of hide identity from users in network activities, but they are also threatened by WF attacks. In this paper, we propose a website fingerprinting obfuscation method against intelligent fingerprinting attacks, called Random Bidirectional Padding (RBP). It is a novel website fingerprinting defense technology based on time sampling and random bidirectional packets padding, which can covert the real packets distribution to destroy the Inter-Arrival Time (IAT) features in the traffic sequence and increase the difference between the datasets with random bidirectional virtual packets padding. We evaluate the defense against state-of-the-art website fingerprinting attacks in real scenarios, and show its effectiveness.

Download Full-text