Analysis of Trending Topics and Text-based Channels of Information Delivery in Cybersecurity

Computer users are generally faced with difficulties in making correct security decisions. While an increasingly fewer number of people are trying or willing to take formal security training, online sources including news, security blogs, and websites are continuously making security knowledge more accessible. Analysis of cybersecurity texts from this grey literature can provide insights into the trending topics and identify current security issues as well as how cyber attacks evolve over time. These in turn can support researchers and practitioners in predicting and preparing for these attacks. Comparing different sources may facilitate the learning process for normal users by creating the patterns of the security knowledge gained from different sources. Prior studies neither systematically analysed the wide range of digital sources nor provided any standardisation in analysing the trending topics from recent security texts. Moreover, existing topic modelling methods are not capable of identifying the cybersecurity concepts completely and the generated topics considerably overlap. To address this issue, we propose a semi-automated classification method to generate comprehensive security categories to analyse trending topics. We further compare the identified 16 security categories across different sources based on their popularity and impact. We have revealed several surprising findings as follows: (1) The impact reflected from cybersecurity texts strongly correlates with the monetary loss caused by cybercrimes, (2) security blogs have produced the context of cybersecurity most intensively, and (3) websites deliver security information without caring about timeliness much.

Artificial Intelligence Security: Threats and Countermeasures

In recent years, with rapid technological advancement in both computing hardware and algorithm, Artificial Intelligence (AI) has demonstrated significant advantage over human being in a wide range of fields, such as image recognition, education, autonomous vehicles, finance, and medical diagnosis. However, AI-based systems are generally vulnerable to various security threats throughout the whole process, ranging from the initial data collection and preparation to the training, inference, and final deployment. In an AI-based system, the data collection and pre-processing phase are vulnerable to sensor spoofing attacks and scaling attacks, respectively, while the training and inference phases of the model are subject to poisoning attacks and adversarial attacks, respectively. To address these severe security threats against the AI-based systems, in this article, we review the challenges and recent research advances for security issues in AI, so as to depict an overall blueprint for AI security. More specifically, we first take the lifecycle of an AI-based system as a guide to introduce the security threats that emerge at each stage, which is followed by a detailed summary for corresponding countermeasures. Finally, some of the future challenges and opportunities for the security issues in AI will also be discussed.

Detection of Sybil attack in vehicular ad hoc networks by analyzing network performance

<span>Vehicular ad hoc network (VANET) is an emerging technology which can be very helpful for providing safety and security as well as for intelligent transportation services. But due to wireless communication of vehicles and high mobility it has certain security issues which cost the safety and security of people on the road. One of the major security concerns is the Sybil attack in which the attacker creates dummy identities to gain high influence in the network that causes delay in some services and fake voting in the network to misguide others. The early detection of this attack can prevent people from being misguided by the attacker and save them from getting into any kind of trap. In this research paper, Sybil attack is detected by first applying the Poisson distribution algorithm to predict the traffic on the road and in the second approach, analysis of the network performance for packet delivery ratio (PDR) is performed in malign and benign environment. The simulation result shows that PDR decreases in presence of fake vehicles in the network. Our approach is simple and effective as it does not require high computational overhead and also does not violate the privacy issues of people in the network.</span>

Centralized, Distributed, and Everything in between

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Blockchain Technology - Based Solutions for IOT Security

Blockchain innovation has picked up expanding consideration from investigating and industry over the later a long time. It permits actualizing in its environment the smart-contracts innovation which is utilized to robotize and execute deals between clients. Blockchain is proposed nowadays as the unused specialized foundation for a few sorts of IT applications. Blockchain would aid avoid the duplication of information because it right now does with Bitcoin and other cryptocurrencies. Since of the numerous hundreds of thousands of servers putting away the Bitcoin record, it’s impossible to assault and alter. An aggressor would need to change the record of 51 percent of all the servers, at the precise same time. The budgetary fetched of such an assault would distantly exceed the potential picks up. The same cannot be said for our private data that lives on single servers possessed by Google and Amazon. In this paper, we outline major Blockchain technology that based as solutions for IOT security. We survey and categorize prevalent security issues with respect to IoT data privacy, in expansion to conventions utilized for organizing, communication, and administration. We diagram security necessities for IoT together with the existing scenarios for using blockchain in IoT applications.

Juice Jacking: Security Issues and Improvements in USB Technology

For a reliable and convenient system, it is essential to build a secure system that will be protected from outer attacks and also serve the purpose of keeping the inner data safe from intruders. A juice jacking is a popular and spreading cyber-attack that allows intruders to get inside the system through the web and theive potential data from the system. For peripheral communications, Universal Serial Bus (USB) is the most commonly used standard in 5G generation computer systems. USB is not only used for communication, but also to charge gadgets. However, the transferal of data between devices using USB is prone to various security threats. It is necessary to maintain the confidentiality and sensitivity of data on the bus line to maintain integrity. Therefore, in this paper, a juice jacking attack is analyzed, using the maximum possible means through which a system can be affected using USB. Ten different malware attacks are used for experimental purposes. Various machine learning and deep learning models are used to predict malware attacks. An extensive experimental analysis reveals that the deep learning model can efficiently recognize the juice jacking attack. Finally, various techniques are discussed that can either prevent or avoid juice jacking attacks.

Survey on Reverse-Engineering Tools for Android Mobile Devices

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

The evolution of the Gulf Coopera-tion Council approaches to security issues after the Arab Spring

The painful consequences of political, economic and social shocks provoked by the Arab Spring forced the political elites of the Middle Eastern states to revisit traditional approaches to maintaining stability and security in the region. This inevitably aff ected the activities of the Gulf Cooperation Council, which was from the outset established in order to enhance cooperation between the countries of the region primarily in the fi eld of security. This paper attempts to identify the key milestones, factors and trends that have shaped the GCC decision-making process in the security sphere over the past 10 years since the beginning of the Arab Spring. The author shows that the Arab Awakening has encouraged the GCC member-states to deepen military-political integration, aimed at strengthening their defense capabilities, as well as their abilities to respond to external and internal challenges. The author notes that the GCC countries still view Iran as the main source of all these threats; moreover, con-sidering substantial strengthening of Iran’s infl uence in the Middle East their position has even hardened. Tehran is accused of meddling in the internal aff airs of the GCC member-states, supporting illegal Shiite groups operating on their territory, and instigating religious discord. In this context, it is quite natural that the Iran’s nuclear programme is of particular concern to the GCC. At the same time, the author emphasizes, that although the GCC member-states declare common approach towards Iran, their practical actions can vary signifi cantly. In particular, it was Qatar which opposed an excessively hard-line approach towards Iran. This fact, as well as accusations against Doha of supporting terrorist and extremist groups, led to two crises that shook the GCC in the 2010s. However, the fact that these crises have been eventually settled shows that security issues still press regional actors towards strengthening the capacities of the GCC. Especially since military threats have been compounded by a new threat — of the outbreak of the SARS-CoV-2 pandemic. The author concludes that this new threat, which has already incited the GCC to promote cooperation in a health sector, will also strengthen the member-states’ focus on various nonmilitary challenges including epidemiological and environmental ones.

Developing an Efficient Secure Query Processing Algorithm on Encrypted Databases using Data Compression

Distributed computing includes putting aside the data utilizing outsider storage and being able to get to this information from a place at any time. Due to the advancement of distributed computing and databases, high critical data are put in databases. However, the information is saved in outsourced services like Database as a Service (DaaS), security issues are raised from both server and client-side. Also, query processing on the database by different clients through the time-consuming methods and shared resources environment may cause inefficient data processing and retrieval. Secure and efficient data regaining can be obtained with the help of an efficient data processing algorithm among different clients. This method proposes a well-organized through an Efficient Secure Query Processing Algorithm (ESQPA) for query processing efficiently by utilizing the concepts of data compression before sending the encrypted results from the server to clients. We have addressed security issues through securing the data at the server-side by an encrypted database using CryptDB. Encryption techniques have recently been proposed to present clients with confidentiality in terms of cloud storage. This method allows the queries to be processed using encrypted data without decryption. To analyze the performance of ESQPA, it is compared with the current query processing algorithm in CryptDB. Results have proven the efficiency of storage space is less and it saves up to 63% of its space.