Dr Rizwan Asghar
Academic and research departments
Surrey Centre for Cyber Security, Computer Science Research Centre, School of Computer Science and Electronic Engineering.
About
Biography
Rizwan joined the Surrey Centre for Cyber Security (SCCS) at the University of Surrey as a Reader in 2022. He is also an Honorary Academic in the School of Computer Science at the University of Auckland in New Zealand. Before that, he was a Senior Lecturer (above the bar) at the University of Auckland, which he joined in 2015. Prior to that, he was a Postdoctoral Researcher at international research institutes, including the Center for IT-Security, Privacy, and Accountability (CISPA) at Saarland University in Germany and CREATE-NET (an international research centre) in Trento, Italy, where he also served as a Researcher.
He received his PhD degree in ICT (Security and Privacy) from the University of Trento, Italy in 2013. As part of his PhD programme, he was Stanford Research Institute (SRI) Fellow at SRI International, California, USA. He obtained his MSc degree in Computer Science and Engineering - Information Security Technology from the Eindhoven University of Technology (TU/e), The Netherlands in 2009 and carried out his research as a Master Thesis Student at the Ericsson Research Eurolab, Germany. During his career, he also worked as a Software Engineer at international software companies.
He is an award-winning teacher and researcher who received several awards, including the 2017 Dean's Award for Teaching Excellence, Best Paper Award at TrustCom 2018, Highly Commended Paper at ITNAC 2017, and Best Paper Award at FiCloud 2015.
University roles and responsibilities
- Academic Representative on Senate
- MSc Admissions Coordinator
- Personal Tutor
Research
Research interests
His research interests include cyber resilience, privacy, cyber security, and access control. He is passionate about developing privacy-preserving systems and improving cyber resilience. He successfully led several research projects on secure storage, access control mechanisms, data provenance, consent management, usable authentication techniques, secure IoT networks, communications security, cyber security and privacy in social media, and cyber security education.
Teaching
COMM050: Information Security for Business and Government (Module Leader)
COMM047: Secure Systems and Applications (Module Convener)
COMM002: MSc Dissertation (Dissertation Supervisor)
COM3001: Professional Project (Project Supervisor)
Publications
The recent pandemic of COVID-19 has changed the way people socially interact with each other. A huge increase in the usage of social media applications has been observed due to quarantine strategies enforced by many governments across the globe. This has put a great burden on already overloaded cellular networks. It is believed that direct Device-to-Device (D2D) communication can offload a significant amount of traffic from cellular networks, especially during scenarios when residents in a locality aim to share information among them. WiFi Direct is one of the enabling technologies of D2D communications, having a great potential to facilitate various proximity-based applications. In this work, we propose power saving schemes that aim at minimizing energy consumption of user devices across D2D based multi-hop networks. Further, we provide an analytical model to formulate energy consumption of such a network. The simulation results demonstrate that a small modification in the network configuration, such as group size and transmit power can provide considerable energy gains. The observed energy consumption is reduced by 5 times for a throughput loss of 12%. Additionally, we measure the energy per transmitted bit for different configurations of the network. Furthermore, we analyze the behavior of the network, in terms of its energy consumption and throughput, for different file sizes.
Since the concern of privacy leakage strongly discourages user participation in sharing data, federated learning has gradually become a promising technique for both academia and industry for achieving collaborative learning without leaking information about the local data. Unfortunately, most federated learning solutions cannot efficiently verify the execution of each participant's local machine learning model and protect the privacy of user data at the same time. In this article, we first propose a Zero-Knowledge Proof-based Federated Learning (ZKP-FL) scheme on blockchain. It leverages zero-knowledge proofs for both the computation over local data and the aggregation of local model parameters, aiming to verify the computation process without requiring the plaintext of the local data. We further propose a Practical ZKP-FL (PZKP-FL) scheme to support fractions and non-linear operations. Specifically, we explore a Fraction-Integer mapping function and use Taylor expansion to efficiently handle non-linear operations while maintaining the accuracy of the federated learning model. We also analyze the security of PZKP-FL. Performance analysis demonstrates that the whole running time of the PZKP-FL scheme is less than about one minute in parallel execution.
Providing high‐speed Internet to connect anything in the globe anywhere at any time is becoming the need of future societies, which are built on the smart city concepts. As a pragmatic approach, an integration of terrestrial and satellite networks is proposed for leveraging the combined benefits of both complementary technologies. In addition, with the quest of exploring deep space and connecting solar system planets with the Earth, the traditional satellite network has gone beyond the geosynchronous equatorial orbit (GEO) wherein interplanetary Internet will play a key role. To this end, futuristic satellite networks will be an integration of inter‐satellite and deep space network (ISDSN), which on the one hand will connect thousands of entities on the Earth together and on the other hand will connect deep space satellites with the Earth and solar planets. This chapter demystifies such dynamic networks and classifies them into different tiers. Most importantly, for each tier, we discuss the key requirements, research challenges, and potential security threats. Finally, we present open issues and new research directions in this emerging area of futuristic satellite networks.
Recently, real-world attacks against the web Public Key Infrastructure (PKI) have arisen more frequently. The current PKI, which uses the Registration Authority/Certificate Authority (RA/CA) model, suffers from notorious security vulnerabilities. Most of these vulnerabilities are due to compromises of RAs, which lead to impersonation attacks that result in CAs misbehaving and issuing bogus certificates. To counter this problem, many approaches, such as Certificate Transparency (CT), ARPKI, and PoliCert, have been proposed. Nonetheless, no solution has yet gained widespread acceptance, owing to complexity and deployability issues. Moreover, existing approaches still require complicated interactions and synchronisation among the entities involved in certificate issuance, updates, and revocations. In this paper, we propose a new Blockchain-Based PKI (BB-PKI) to address these vulnerabilities of CA misbehaviour caused by impersonation attacks against RAs. A Certificate Issuance Request (CIR) must be vouched for by multiple RAs. Multiple CAs sign and issue the certificate using an out-of-band secure communication channel. Any RA that contributes to the verification of a user's request can publish the certificate in the blockchain by creating a smart contract certificate transaction. BB-PKI offers strong security guarantees: compromising n - 1 of the RAs or CAs is not enough to launch impersonation attacks, meaning that attackers cannot obtain more than the threshold number of signatures needed to launch an attack.
The rapid development in the field of low power circuits and biosensors has created a new area in Wireless Sensor Networks (WSNs), called Wireless Body Area Networks (WBANs). Medical implants are an integral part of a WBAN to measure, monitor, and control various medical conditions. These implants are generally injected inside the human body through an invasive surgical procedure with very limited energy resources available. In case the battery is depleted, the patient potentially needs to go for another surgery to replace the implant. Subsequently, it becomes imperative to propose energy efficient protocols to save energy in the implants. This work proposes a clustering mechanism in medical implants wherein the implants in the immediate proximity form clusters. In particular, the performance of the customized version of Low-Energy Adaptive Clustering Hierarchy (LEACH), modified for the implants' network, is analyzed. The results are compared with the contention-based Medium Access Control (MAC) layer protocol such as pure ALOHA. In addition, a mathematical model to capture the energy consumption details of an implant network is presented. The simulation results demonstrate that a significant amount of energy can be saved using the proposed model. More precisely, the customized LEACH protocol consumes around 10 times less energy as compared to pure ALOHA.
Cybersecurity is an area of growing international importance. In response to global shortages of Cybersecurity skills, many universities have introduced degree programmes in Cybersecurity. These programmes aim to prepare students to become Cybersecurity practitioners with advanced skills in a timely manner. Several universities offer Cybersecurity degrees, but these have been developed ad hoc, as there is currently no internationally accepted Cybersecurity curriculum. Recently, an ITiCSE working group on global perspectives on Cybersecurity education developed a competency-based framework that aims to help institutions to implement Cybersecurity programmes. In this report, we present a case study of a Cybersecurity programme at the University of Auckland. We discuss how the curriculum and resource management of this programme evolved, and we present some challenges for the design and delivery of a Cybersecurity programme in the light of this competency-based framework.
The Publish and Subscribe (pub/sub) system is an established paradigm to disseminate the data from publishers to subscribers in a loosely coupled manner using a network of dedicated brokers. However, sensitive data could be exposed to malicious entities if brokers get compromised or hacked; or even worse, if brokers themselves are curious to learn about the data. A viable mechanism to protect sensitive publications and subscriptions is to encrypt the data before it is disseminated through the brokers. State-of-the-art approaches allow brokers to perform encrypted matching without revealing publications and subscriptions. However, if malicious brokers collude with malicious subscribers or publishers, they can learn the interests of innocent subscribers, even when the interests are encrypted. In this article, we present a pub/sub system that ensures confidentiality of publications and subscriptions in the presence of untrusted brokers. Furthermore, our solution resists collusion attacks between untrusted brokers and malicious subscribers (or publishers). Finally, we have implemented a prototype of our solution to show its feasibility and efficiency.
Vehicle-to-everything (V2X) communication is a powerful concept that not only ensures public safety (e.g., by avoiding road accidents) but also offers many economic benefits (e.g., by optimizing the macroscopic behavior of the traffic across an area). On the one hand, V2X communication brings new business opportunities for many stakeholders, such as vehicle manufacturers, retailers, Mobile Network Operators (MNOs), V2X service providers, and governments. On the other hand, the convergence of these stakeholders on a common platform poses many technical and business challenges. In this article, we identify the issues and challenges faced by V2X communications, while focusing on the business models. We propose different solutions to potentially resolve the identified challenges in the framework of 5G networks and propose a high-level hierarchy of a potential business model for a 5G-based V2X ecosystem. Moreover, we provide a concise overview of the legislative status of V2X communications across different regions in the world.
Network-based Intrusion Detection System (NIDS) forms the frontline defence against network attacks that compromise the security of the data, systems, and networks. In recent years, Deep Neural Networks (DNNs) have been increasingly used in NIDS to detect malicious traffic due to their high detection accuracy. However, DNNs are vulnerable to adversarial attacks that modify an input example with imperceivable perturbation, which causes a misclassification by the DNN. In security-sensitive domains, such as NIDS, adversarial attacks pose a severe threat to network security. However, existing studies in adversarial learning against NIDS directly implement adversarial attacks designed for Computer Vision (CV) tasks, ignoring the fundamental differences in the detection pipeline and feature spaces between CV and NIDS. It remains a major research challenge to launch and detect adversarial attacks against NIDS. This article surveys the recent literature on NIDS, adversarial attacks, and network defences since 2015 to examine the differences in adversarial learning against deep neural networks in CV and NIDS. It provides the reader with a thorough understanding of DL-based NIDS, adversarial attacks and defences, and research trends in this field. We first present a taxonomy of DL-based NIDS and discuss the impact of taxonomy on adversarial learning. Next, we review existing white-box and black-box adversarial attacks on DNNs and their applicability in the NIDS domain. Finally, we review existing defence mechanisms against adversarial examples and their characteristics.
Social media has become an integral part of modern-day society. With increasingly digital societies, individuals have become more familiar and comfortable in using Online Social Networks (OSNs) for just about every aspect of their lives. This higher level of comfort leads to users spilling their emotions on OSNs and eventually their private information. In this work, we aim to investigate the relationship between users' emotions and private information in their tweets. Our research question is whether users' emotions, expressed in their tweets, affect their likelihood to reveal their own private information (privacy leakage) in subsequent tweets. In contrast to existing survey-based approaches, we use an inductive, data-driven approach to answer our research question. We use state-of-the-art techniques to classify users' emotions and privacy scoring, and employ a new technique involving BERT for binary detection of sensitive data. We use two parallel classification frameworks: one that takes the user's emotional state into account and the other for the detection of sensitive data in tweets. Subsequently, we identify individual cases of correlation between the two. We bring the two classifiers together to interpret the changes in both factors over time during a conversation between individuals. Variations were found with respect to the kinds of private information revealed in different states. Our results show that being in negative emotional states, such as sadness, anger or fear, leads to higher privacy leakage than otherwise.
Over the years, software applications have captured a big market ranging from smart devices (smartphones, smart wearable devices) to enterprise resource management including Enterprise Resource Planning, office applications, and the entertainment industry (video games and graphics design applications). Protecting the copyright of software applications and protection from malicious software (malware) have been topics of utmost interest for academia and industry for many years. The standard solutions use the software license key or rely on the Operating System (OS) protection mechanisms, such as Google Play Protect. However, some end users have broken these protections to bypass payments for applications that are not free. They have done so by downloading the software from an unauthorised website or by jailbreaking the OS protection mechanisms. As a result, they cannot determine whether the software they download is malicious or not. Further, if the software is uploaded to a third party platform by malicious users, the software developer has no way of knowing about it. In such cases, the authenticity or integrity of the software cannot be guaranteed. There is also a problem of information transparency among software platforms. In this study, we propose an architecture that is based on blockchain technology for providing data transparency, release traceability, and auditability. Our goal is to provide an open framework to allow users, software vendors, and security practitioners to monitor misbehaviour and assess software vulnerabilities for preventing malicious software downloads. Specifically, the proposed solution makes it possible to identify software developers who have gone rogue and are potentially developing malicious software. Furthermore, we introduce an incentive policy for encouraging security engineers, victims and software owners to participate in collaborative works. 
The outcomes will ensure the wide adoption of a software auditing ecosystem in software markets, specifically for some mobile device manufacturers that have been banned from using the open-source OS such as Android. Consequently, there is a demand for them to verify the application security without completely relying on the OS-specific security mechanisms.
HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa's top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest-Shamir-Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% of domains use an expired certificate, 0.42% of HTTPS certificates contain a hostname that differs from the domain, and 2.59% of HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place as HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS.
For example, more and more domains have begun to enable the HTTPS protocol to ensure a secure communication channel between users and websites. In the first measurement, we observed that many domains were still using the TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support clients running outdated systems. As previous studies revealed the security risks of using these protocols, in the subsequent measurements we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol, but show that some HTTPS domains are still vulnerable to existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domains is gradually decreasing every year.
Most recent theoretical literature on program obfuscation is based on notions like virtual black box (VBB) obfuscation and indistinguishability obfuscation (iO). These notions are very strong and are hard to satisfy. Further, they offer far more protection than is typically required in practical applications. On the other hand, the security notions introduced by software security researchers are suitable for practical designs but are not formal or precise enough to enable researchers to provide a quantitative security assurance. Hence, in this paper, we introduce a new formalism for practical program obfuscation that still allows rigorous security proofs. We believe our formalism will make it easier to analyse the security of obfuscation schemes. To show the flexibility and power of our formalism, we give a number of examples. Moreover, we explain the close relationship between our formalism and the task of providing obfuscation challenges.
With the widespread popularity of smartphones and mobile applications, they have gradually penetrated and are widely used in our daily lives, e.g., we use them for online shopping and mobile banking. This has led to an increased demand for securing data processed and stored by smartphones. User authentication is an entry guard for ensuring secure access to smartphones, which aims at verifying a user’s identity. Typically, such a method is text-based authentication. However, the existing text-based authentication solutions bring in the trade-off issue between security and usability. The main reason is short text-based passwords are easy to remember but not secure enough as they are vulnerable to password guessing or shoulder surfing attacks. In contrast, long text-based passwords can ensure security, but they raise usability issues due to the difficulty of memorising, recalling, and inputting passwords. Moreover, the graphical password solutions suffer from shoulder surfing attacks. In this article, we propose an image-based authentication solution for smartphone users to reduce the risk of mounting a shoulder surfing attack. The proposed solution requires users to select and move predefined images to the designated position for passing the authentication check. In a laboratory experiment with 62 participants, we asked them to test the robustness of TIM to resist the existing attacks, and compare the usability with other image-based solutions. An analysis of collected results indicates that the proposed solution can resist password guessing and shoulder surfing attacks. Consequently, more than 85% of participants believed that the proposed solution could mitigate both password guessing and shoulder surfing attacks. Further, 71% of participants think that TIM is more usable compared to the existing solutions. While 50% of them preferred to choose TIM, more than 50% of participants claim that the learning curve of TIM is very short and the configuration is easy.
Satellite communication is becoming a complementary technology in future 5G and beyond networks due to its wider coverage. Similar to any terrestrial network, security has become a major concern in satellite networks. Due to the long distance between ground stations (GS) and satellite transponders and due to its inherent broadcast nature, satellite communication encounters certain limitations such as high bit error rate, high link delays, power control, and large round trip delays. The aforementioned limitations make security techniques proposed for terrestrial networks more challenging in satellite settings. Denial-of-service (DoS) and distributed DoS (DDoS) attacks are among the most common security threats in both terrestrial and satellite networks. In this article, we present a DDoS mitigation technique that can be employed at the GS end in satellite networks. In particular, we simulate Internet Control Message Protocol echo request (ping) flooding across a satellite network and propose a proactive mitigation technique that restricts the number of echo requests a network entity can generate. The simulation results demonstrate that DDoS attacks can be mitigated in satellite networks without affecting the quality of experience of legitimate users.
Software-Defined Networking (SDN) is a virtualised yet promising technology that is gaining attention from both academia and industry. On the one hand, the use of a centralised SDN controller provides dynamic configuration and management in an efficient manner; but on the other hand, it raises several concerns mainly related to scalability and availability. Unfortunately, a centralised SDN controller may be a Single Point Of Failure (SPOF), thus making SDN architectures vulnerable to Distributed Denial of Service (DDoS) attacks. In this paper, we design SMART, a scalable SDN architecture that aims at reducing the risk imposed by the centralised aspects in typical SDN deployments. SMART supports a decentralised control plane where the coordination between switches and controllers is provided using Tuple Spaces. SMART ensures a dynamic mapping between SDN switches and controllers without any need to execute complex migration techniques required in typical load balancing approaches.
Searchable Encryption (SE) is a technique that allows Cloud Service Providers to search over encrypted datasets without learning the content of queries and records. In recent years, many SE schemes have been proposed to protect outsourced data. However, most of them leak sensitive information, from which attackers could still infer the content of queries and records by mounting leakage-based inference attacks, such as the count attack and the file-injection attack. In this work, we first define the leakage in searchable encrypted databases and analyse how the leakage is leveraged in existing leakage-based attacks. Second, we propose a Privacy-preserving Multi-cloud based dynamic symmetric SE scheme for relational Databases (P-McDb). P-McDb has minimal leakage, which not only ensures confidentiality of queries and records but also protects the search, intersection, and size patterns. Moreover, P-McDb ensures both forward and backward privacy of the database. Thus, P-McDb can resist existing leakage-based attacks, e.g., active file/record-injection attacks. We give a security definition and analysis to show how P-McDb hides the aforementioned patterns. Finally, we implemented a prototype of P-McDb and tested it using the TPC-H benchmark dataset. Our evaluation results show that users can retrieve the required records in 2.16 s when searching over 4.1 million records.
- Proposed the concept of semantic-aware Cyber-physical Systems (SCPSs) that can enable semantic machine-to-machine (M2M) communications between CPSs in the context of collaborative smart manufacturing automation.
- Proposed a generic layered architecture for enabling SCPSs via developing a communication layer and semantic layer on top of the existing CPS system architectures. The separation between CPS internal architecture and its external communication concerns ensures a smooth upgrade of a CPS to an SCPS.
- Verified the implementation of the proposed architecture via a case study on enabling semantic M2M communications on production status between two machine tools and a case study on enabling distributed data-driven production automation in a workshop.
Machine-to-machine (M2M) communication is a crucial technology for collaborative manufacturing automation in the Industrial Internet of Things (IIoT)-empowered industrial networks. The new decentralized manufacturing automation paradigm features ubiquitous communication and interoperable interactions between machines. However, peer-to-peer (P2P) interoperable communication at the semantic level between industrial machines is a challenge. To address this challenge, we introduce a concept of Semantic-aware Cyber-Physical Systems (SCPSs) based on which manufacturing devices can establish semantic M2M communications. In this work, we propose a generic system architecture of SCPS and its enabling technologies. Our proposed system architecture adds a semantic layer and a communication layer to the conventional cyber-physical system (CPS) in order to maximize compatibility with the diverse CPS implementation architectures. With Semantic Web technologies as the backbone of the semantic layer, SCPSs can exchange semantic messages with maximum interoperability following the same understanding of the manufacturing context.
A pilot implementation of the presented work is illustrated with a proof-of-concept case study between two semantic-aware cyber-physical machine tools. The semantic communication provided by the SCPS architecture makes ubiquitous M2M communication in a network of manufacturing devices environment possible, laying the foundation for collaborative manufacturing automation for achieving smart manufacturing. Another case study focusing on decentralized production control between machines in a workshop also proved the merits of semantic-aware M2M communication technologies.
Photo Response Non-Uniformity (PRNU) noise-based source camera attribution is a popular digital forensic method. In this method, a camera fingerprint computed from a set of known images of the camera is matched against the extracted noise of an anonymous questioned image to find out whether the camera had taken the anonymous image. The possibility of privacy leakage, however, is one of the main concerns of the PRNU-based method. Using the camera fingerprint (or the extracted noise), an adversary can identify the owner of the camera by matching the fingerprint with the noise of an image (or with the fingerprint computed from a set of images) crawled from a social media account. In this article, we address this privacy concern by encrypting both the fingerprint and the noise using the Boneh-Goh-Nissim (BGN) encryption scheme, and performing the matching in the encrypted domain. To overcome leakage of privacy from the content of an image that is used in the fingerprint calculation, we compute the fingerprint within a trusted environment, such as ARM TrustZone. We present e-PRNU, which aims at minimizing privacy loss and allows authorized forensic experts to perform camera attribution. The security analysis shows that the proposed approach is semantically secure. Experimental results show that the run-time computational overhead is 10.26 seconds when a cluster of 64 computing nodes is used.
Customer reviews enable customers to share their experiences with others, which allows potential customers to know more about products and consume products with confidence. However, online product sellers and service providers could manipulate customer reviews, such as adding fake positive reviews and removing negative customer reviews, to support their business. Manipulated reviews could result in distorting the original content of customer reviews and misleading customers. State-of-the-art solutions lack a customer review system that is secure, efficient, and usable. In this paper, we propose RevBloc to provide a customer review system with a high level of security, efficiency, and usability. RevBloc is based on blockchain technology that enables customer reviews to be preserved in a distributed ledger, so that a single malicious party or a subset of malicious parties cannot manipulate the reviews. To show the feasibility of our approach, we implement a proof-of-concept prototype of RevBloc and report its performance.
Driven by growing data transfer needs, industry and research institutions are deploying 100 Gb/s networks. As such high-speed networks become prevalent, they also introduce significant technical challenges. In particular, an Intrusion Detection System (IDS) cannot process network activity at such a high rate when monitoring large and diverse traffic volumes, which results in packet drops. Unfortunately, a high packet drop rate has a significant impact on detection accuracy. In this work, we investigate two popular open-source IDSs, Snort and Suricata, along with comparative performance benchmarks, to better understand drop rates and detection accuracy in 100 Gb/s networks. More specifically, we study the vital factors (including system resource usage, packet processing speed, packet drop rate, and detection accuracy) that limit the applicability of IDSs to high-speed networks. Furthermore, we provide a comprehensive analysis of the performance impact on IDSs of different configurations, traffic volumes, and flows. Finally, we identify the challenges of using open-source IDSs in high-speed networks, provide suggestions to help network administrators address the identified issues, and give recommendations for developing new IDSs suited to high-speed networks. (C) 2020 Elsevier Ltd. All rights reserved.
Software-Defined Networking (SDN) and the Internet of Things (IoT) are two major trends in network evolution. SDN mainly focuses on the upper-level control and management of networks, while IoT aims to bring devices together to enable the sharing and monitoring of real-time behaviours through network connectivity. On the one hand, IoT enables us to gather the status of devices and networks and to control them remotely. On the other hand, the rapidly growing number of devices challenges management at the access and backbone layers and raises security concerns about network attacks, such as Distributed Denial of Service (DDoS). Combining SDN and IoT is a promising approach that could alleviate the management issue; indeed, the flexibility and programmability of SDN could help simplify network setup. However, the SDN-based IoT network needs security enhancements to mitigate attacks involving IoT devices. In this article, we discuss and analyse state-of-the-art DDoS attacks in SDN-based IoT scenarios. Furthermore, we verify our SDN sEcure COntrol and Data plane (SECOD) algorithm for resisting DDoS attacks on a real SDN-based IoT testbed. Our results demonstrate that DDoS attacks in an SDN-based IoT network are easier to detect than in a traditional network because IoT traffic is predictable. We observed that random traffic (UDP or TCP) is more affected during DDoS attacks. Our results also show that the probability of the controller halting is 10%, while the probability of a switch becoming unresponsive is 40%.
For the easy and flexible management of large-scale networks, Software-Defined Networking (SDN) is a strong candidate technology that offers centralisation and programmable interfaces for making complex decisions in a dynamic and seamless manner. On the one hand, SDN gives individuals and businesses opportunities to build and improve services and applications according to their requirements. On the other hand, SDN poses a new array of privacy and security threats, such as Distributed Denial of Service (DDoS) attacks. For detecting and mitigating potential threats, Machine Learning (ML) is an effective approach that responds quickly to anomalies. In this article, we analyse and compare the performance of different ML techniques for detecting DDoS attacks in SDN, evaluating both experimental datasets and self-generated traffic data. Moreover, we propose a simple supervised learning (SL) model to detect flooding DDoS attacks against the SDN controller via the fluctuation of flows. By dividing a test round into multiple pieces, the statistics within each time slot reflect the variation of network behaviour, and this "trend" can be used as samples to train a predictor that understands the network status and detects DDoS attacks. We verify the outcome through simulations and measurements over a real testbed. Our main goal is to find a lightweight SL model that detects DDoS attacks using data and features that can be easily obtained. Our results show that SL is able to detect DDoS attacks with a single feature. The performance of the analysed SL algorithms is influenced by the size of the training set and the parameters used; the prediction accuracy of the same SL model can differ entirely depending on the training set. (c) 2022 Karabuk University. Publishing services by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
A major gap in cybersecurity studies, especially those concerning cyber risk, is the lack of a comprehensive formal knowledge representation; the view is often limited and based mainly on abstract security concepts with little context. Additionally, much of the focus is on the attack and the attacker, and a more complete view of risk assessment has been inhibited by the lack of knowledge from the defender's landscape, especially regarding the impact and performance of compensating controls. In this study, we start by defining a conceptual ontology that integrates concepts modelling all cybersecurity entities. We then present an adaptive risk reasoning approach with a particular focus on defender activities. The main purpose is to provide a more complete view, from the defender's perspective, that bridges the gap between risk assessment theories and practical cybersecurity operations in real-world deployments.
A Content Delivery Network (CDN) is a distributed system composed of a large number of nodes that allows users to request objects from nearby nodes. A CDN not only reduces end-to-end latency on the user side but also offloads Content Providers (CPs), providing resilience against Distributed Denial of Service (DDoS) attacks. However, by caching objects and processing user requests, CDN providers could infer user preferences and the popularity of objects, resulting in information leakage. Such leakage may cost users their privacy and reveal business-specific information to untrusted or compromised CDN providers. State-of-the-art solutions can protect the content of sensitive objects but cannot prevent CDN providers from inferring user preferences and the popularity of objects. In this work, we present a privacy-preserving encrypted CDN system that hides not only the content of objects and user requests but also user preferences and the popularity of objects from curious CDN providers. We employ encryption to protect the objects and user requests in such a way that both the CDNs and the CPs can perform search operations without accessing objects or requests in cleartext. Our proposed system is based on a scalable key management approach for multi-user access, in which no key regeneration or data re-encryption is needed for user revocation. We have implemented a prototype of the system and show its practical efficiency.