security operations
Recently Published Documents


TOTAL DOCUMENTS

354
(FIVE YEARS 161)

H-INDEX

8
(FIVE YEARS 4)

2022 ◽  
Vol 18 (1) ◽  
pp. 1-18
Author(s):  
Carson Labrado ◽  
Himanshu Thapliyal ◽  
Saraju P. Mohanty

Within vehicles, the Controller Area Network (CAN) allows efficient communication between the electronic control units (ECUs) responsible for controlling the various subsystems. The CAN protocol was not designed to include much support for secure communication. The fact that so many critical systems can be accessed through an insecure communication network presents a major security concern. Adding security features to CAN is difficult due to the limited resources available to the individual ECUs and the costs that would be associated with adding the necessary hardware to support any additional security operations without overly degrading the performance of standard communication. Replacing the protocol is another option, but it is subject to many of the same problems. The lack of security becomes even more concerning as vehicles continue to adopt smart features. Smart vehicles have a multitude of communication interfaces an attacker could exploit to gain access to the networks. In this work, we propose a security framework that is based on physically unclonable functions (PUFs) and lightweight cryptography (LWC). The framework does not require any modification to the standard CAN protocol while also minimizing the amount of additional message overhead required for its operation. The improvements in our proposed framework result in major reduction in the number of CAN frames that must be sent during operation. For a system with 20 ECUs, for example, our proposed framework only requires 6.5% of the number of CAN frames that is required by the existing approach to successfully authenticate every ECU.


Telecom ◽  
2022 ◽  
Vol 3 (1) ◽  
pp. 52-69
Author(s):  
Jabed Al Faysal ◽  
Sk Tahmid Mostafa ◽  
Jannatul Sultana Tamanna ◽  
Khondoker Mirazul Mumenin ◽  
Md. Mashrur Arifin ◽  
...  

In the past few years, Internet of Things (IoT) devices have evolved faster and the use of these devices is exceedingly increasing to make our daily activities easier than ever. However, numerous security flaws persist on IoT devices due to the fact that the majority of them lack the memory and computing resources necessary for adequate security operations. As a result, IoT devices are affected by a variety of attacks. A single attack on network systems or devices can lead to significant damages in data security and privacy. However, machine-learning techniques can be applied to detect IoT attacks. In this paper, a hybrid machine learning scheme called XGB-RF is proposed for detecting intrusion attacks. The proposed hybrid method was applied to the N-BaIoT dataset containing hazardous botnet attacks. Random forest (RF) was used for the feature selection and eXtreme Gradient Boosting (XGB) classifier was used to detect different types of attacks on IoT environments. The performance of the proposed XGB-RF scheme is evaluated based on several evaluation metrics and demonstrates that the model successfully detects 99.94% of the attacks. After comparing it with state-of-the-art algorithms, our proposed model has achieved better performance for every metric. As the proposed scheme is capable of detecting botnet attacks effectively, it can significantly contribute to reducing the security concerns associated with IoT systems.


2022 ◽  
pp. 0095327X2110665
Author(s):  
Ayfer Genç Yılmaz

The civil-military relations literature on Turkey focuses predominantly on the guardianship role of the Turkish military, its interventions, and the role of the National Security Council as the main institutional mechanism of military tutelage. Yet, the existing studies lack a much-needed focus on the law enforcement or policing missions of the Turkish military. To fill this gap, this study discusses the EMASYA Protocol ( Emniyet Asayiş Yardımlaşma or Security and Public Order Assistance), a secret protocol signed in 1997. Emerging in the context of political instability and military tutelage of the 1990s, the Protocol enabled the military to conduct internal security operations without permission from the civilian authorities. This paper argues that the EMASYA Protocol provided a sphere of “reformulated new professionalism” for the Turkish military, enabled it to specialize in the war against rising internal threats such as reactionary Islam and Kurdish separatism, and created anomalies in civil-military relations in Turkey.


2022 ◽  
pp. 387-434
Author(s):  
Robert McCrie ◽  
Seungmug (Zech) Lee

2022 ◽  
pp. 3-36
Author(s):  
Robert McCrie ◽  
Seungmug (Zech) Lee
Keyword(s):  

2022 ◽  
Author(s):  
Morgan Shepherd ◽  
Stuart Steiner ◽  
Daniel Conte De Leon ◽  
Miloslava Plachkinova

2022 ◽  
pp. 587-610
Author(s):  
Kathick Raj Elangovan

In recent times, cyber-attacks have been a significant problem in any organization. It can damage the brand name if confidential data is compromised. A robust cybersecurity framework should be an essential aspect of any organization. This chapter talks about the security framework for cyber threats in supply chain management and discusses in detail the implementation of a secure environment through various controls. Today, a systematic method is used for handling sensitive information in an organization. It includes processes, people, and IT systems by implementing a risk management method. Distinct controls dedicated to different levels of domains, namely human resources, access control, asset management, cryptography, physical security, operations security, supplier relations, acquisition, incident management, and security governance are provided. Companies, contractors, and any others who are part of the supply chain organization must follow this security framework to defend from any cyber-attacks.


2021 ◽  
Vol 12 (1) ◽  
pp. 155
Author(s):  
Chaeyeon Oh ◽  
Joonseo Ha ◽  
Heejun Roh

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.


Sign in / Sign up

Export Citation Format

Share Document