Oscar Danilo Gavilánez AlvarezGlen Dario Rodriguez Rafael
14页
查看更多>>摘要:The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbach's alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP security auditing model, called VoIPSAM, considers four domains – plan and organise, acquire and implement, delivery and support. and monitor and evaluate – which consider specific security policies for its application.
Wilson S. Melo Jr.Lucas S. Dos SantosLucila M.S. BentoPaulo R. Nascimento...
15页
查看更多>>摘要:The monitoring and protection of critical infrastructures, especially the ones involving physical assets (e.g., dams, nuclear energy facilities, governmental buildings), constitute a challenging problem. The failure and collapse of these infrastructures can cause untold consequences. Recent works have proposed blockchains as a tool to improve monitoring systems in different critical infrastructures. However, most previous works lack on presenting a more in-depth discussion about how to implement these solutions. In this paper, we develop a practical approach. We propose a comprehensive framework that describes how to implement a blockchain-based system to monitor and protect critical infrastructures. We implement our framework in two distinct blockchain platforms: Ethereum and Hyperledger Fabric. We compare both implementations and discuss their differences in terms of performance, easiness of development, security, privacy, complexity, and costs. We believe that our results can be valuable for professionals interested in applying blockchain-based solutions to protect critical infrastructures.
查看更多>>摘要:Mobile devices today play an essential role in communications, especially in accessing or storing private information of the users, making it a treasure trove for malicious intent attackers. Additionally, enterprises also encourage use of employee-owned devices resulting in convenience, lower costs and higher employee productivity. In this scenario, an employee's mobile device compromise not only results in leakage of personal information but also enterprise secrets and protected data. Thus, requirement for strong protection of stored data and hardening of mobile devices against malicious attacks is essential. One such approach for an enterprise would be to reinforce underlying Android operating system; the most widely used system due to its open-source nature. In this work, we followed a risk assessment approach and conducted security feature comparison of Android (AOSP) with iPhone's (iOS) to identify potential security enhancements for enterprise use, and later on also performed a comparison of Android custom ROMs to further refine the security enhancements.
查看更多>>摘要:Feature selection is a fundamental phase of anomaly-based intrusion detection. It is a method that selects the near-optimal subset of features to improve efficiency and reduce the number of false positives. This paper presents a new method that combines agglomerative hierarchical clustering (AHC) with a support vector machine (SVM) classifier. An intelligent process classifies features based on their variances for each attack category. Features are selected based on their variance and grouped according to their similarities. An iterative algorithm forms subsets of candidate combinations by combining the obtained attack clusters with the normal ones. The SVM classifier is applied to find the best candidate. NSL-KDD and CICIDS2017 datasets are used. The results show a significant reduction in the number of features. Moreover, it performs very well on all attacks and outperforms other existing approaches. Perfect accuracy of 100% is achieved on Heartbleed, SQL injection, and botnet attacks.
查看更多>>摘要:With the recent developments in the internet of things (IoT), there has been a significant rapid generation of data. Theoretically, machine learning can help edge devices by providing a better analysis and processing of data near the data source. However, solving the nonlinear optimisation problem is time-consuming for IoT edge devices. A standard method for solving the nonlinear optimisation problems in machine learning models is the Broyden-Fletcher-Goldfarb-Shanno (BFGS-QN) method. Since the field-programmable gate arrays (FPGAs) are customisable, reconfigurable, highly parallel and cost-effective, the present study envisaged the implementation of the BFGS-QN algorithm on an FPGA platform. The use of half-precision floating-point numbers and single-precision floating-point numbers to save the FPGA resources were adopted to implement the BFGS-QN algorithm on an FPGA platform. The results indicate that compared to the single-precision floating-point numbers, the implementation of the mixed-precision BFGS-QN algorithm reduced 27.1% look-up tables, 18.2% flip-flops and 17.9% distributed random memory.
NSTL