Cybersecurity Risk Management through Behavior-Based Contextual Analysis of Online Logs

This paper studies cyber risk management by integrating contextual log analysis with User and Entity Behavior Analytics (UEBA). Leveraging Python scripting and PostgreSQL database management, the solution enriches log data with contextual and behavioral information from Linux system logs and semantic datasets. By incorporating Common Vulnerability Scoring System (CVSS) metrics and customized risk scoring algorithms, the system calculates Insider Threat scores to identify potential security breaches. The integration of contextual log analysis and UEBA [1] offers a proactive defense against insider threats, reducing false positives and prioritizing high-risk alerts.

A Comparative Analysis of Cybersecurity Threat Taxonomies for Healthcare Organizations

Information technology is critical in coordinating patient records, smart devices, operations, and critical infrastructure in healthcare organizations, and their constantly changing digital environment, including suppliers, doctors, insurance providers, and regulatory agencies. This dependence on interdependent systems makes this sector vulnerable to various information technology risks. Such threats include common cybersecurity risks such as data breaches and malware attacks, unique problems occurring in healthcare settings such as unauthorized access to patient records, disruptions in services provided at medical facilities, and potential harm caused to patients due to the compromise of medical devices. The threat taxonomies, such as the Open Threat Taxonomy, NIST, or ENISA, are foundational frameworks for grasping and categorizing IT threats. However, these taxonomies were not specifically designed to deal with the complexities of the healthcare industry. The problem arises from the gap between these taxonomies’ general nature and the industry-specific threats and vulnerabilities that affect healthcare organizations. As a result, many healthcare institutions fail to holistically address and eliminate the unique risks related to confidentiality, integrity, and availability of patients’ data as well as critical systems used in healthcare. This paper aims to narrow this gap by carefully assessing these taxonomies to determine the frame-work best suited for addressing the threat environment in the healthcare sector.

User Profile & Attitude Analysis Based on Unstructured Social Media and Online Activity

As social media and online activity continue to pervade all age groups, it serves as a crucial platform for sharing personal experiences and opinions as well as information about attitudes and preferences for certain interests or purchases. This generates a wealth of behavioral data, which, while invaluable to businesses, researchers, policymakers, and the cybersecurity sector, presents significant challenges due to its unstructured nature. Existing tools for analyzing this data often lack the capability to effectively retrieve and process it comprehensively. This paper addresses the need for an advanced analytical tool that ethically and legally collects and analyzes social media data and online activity logs, constructing detailed and structured user profiles. It reviews current solutions, highlights their limitations, and introduces a new approach, the Advanced Social Analyzer (ASAN), that bridges these gaps. The proposed solutions technical aspects, implementation, and evaluation are discussed, with results compared to existing methodologies. The paper concludes by suggesting future research directions to further enhance the utility and effectiveness of social media data analysis.

Design & Test of an Advanced Web Security Analysis Tool (AWSAT)

Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.

Security Vulnerability Analyses of Large Language Models (LLMs) through Extension of the Common Vulnerability Scoring System (CVSS) Framework

Large Language Models (LLMs) have revolutionized Generative Artificial Intelligence (GenAI) tasks, becoming an integral part of various applications in society, including text generation, translation, summarization, and more. However, their widespread usage emphasizes the critical need to enhance their security posture to ensure the integrity and reliability of their outputs and minimize harmful effects. Prompt injections and training data poisoning attacks are two of the most prominent vulnerabilities in LLMs, which could potentially lead to unpredictable and undesirable behaviors, such as biased outputs, misinformation propagation, and even malicious content generation. The Common Vulnerability Scoring System (CVSS) framework provides a standardized approach to capturing the principal characteristics of vulnerabilities, facilitating a deeper understanding of their severity within the security and AI communities. By extending the current CVSS framework, we generate scores for these vulnerabilities such that organizations can prioritize mitigation efforts, allocate resources effectively, and implement targeted security measures to defend against potential risks.

A Framework for Cybersecurity Alert Distribution and Response Network (ADRIAN)

Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges such as inefficiency of alert management and integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve the alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the uniquity of mobile applications of collaboration platforms to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian’s capabilities, we have introduced a case-study that integrates Wazuh, a SIEM platform, to Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian including the real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian’s capabilities. The study concludes with a discussion on the potential expansion of Adrian’s capabilities including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.

Enhanced Memory-Safe Linux Security Modules (eLSMs) for Improving Security of Docker Containers for Data Centers

The adoption of Docker containers has revolutionized software deployment by providing a lightweight and efficient way to isolate applications in data centers. However, securing these containers, especially when handling sensitive data, poses significant challenges. Traditional Linux Security Modules (LSMs) such as SELinux and AppArmor have limitations in providing fine-grained access control to files within containers. This paper presents a novel approach using eBPF (extended Berkeley Packet Filter) to implement a LSM that focuses on file-oriented access control within Docker containers. The module allows the specification of policies that determine which programs can access sensitive files, providing enhanced security without relying solely on the host operating system’s major LSM.

Ad Blockers & Online Privacy: A Comparative Analysis of Privacy Enhancing Technologies (PET)

Online tracking mechanisms employed by internet companies for user profiling and targeted advertising raise major privacy concerns. Despite efforts to defend against these mechanisms, they continue to evolve, rendering many existing defences ineffective. This study performs a large-scale measurement of online tracking mechanisms across a large pool of websites using the OpenWPM (Open Web Privacy Measurement) platform. It systematically evaluates the effectiveness of several ad blockers and underlying Privacy Enhancing Technologies (PET) that are primarily used to mitigate different tracking techniques. By quantifying the strengths and limitations of these tools against modern tracking methods, the findings highlight gaps in existing privacy protections. Actionable recommendations are provided to enhance user privacy defences, guide tool developers and inform policymakers on addressing invasive online tracking practices.

A Design of an SMTP Email Server

This study developed a mail server program using Socket API and Python.The program uses the Hypertext Transfer Protocol(HTTP)to receive emails from browser clients and forward them to actual email service providers via the Simple Mail Transfer Protocol(SMTP).As a web server,it handles Transmission Control Protocol(TCP)connection requests from browsers,receives HTTP commands and email data,and temporarily stores the emails in a file.Simultaneously,as an SMTP client,the program establishes a TCP connection with the actual mail server,sends SMTP commands,and transmits the previously saved emails.In addition,we also analyzed security issues and the efficiency and availability of this server,providing insights into the design of SMTP mail servers.

Smaller & Smarter: Score-Driven Network Chaining of Smaller Language Models

With the continuous evolution and expanding applications of Large Language Models (LLMs), there has been a noticeable surge in the size of the emerging models. It is not solely the growth in model size, primarily measured by the number of parameters, but also the subsequent escalation in computational demands, hardware and software prerequisites for training, all culminating in a substantial financial investment as well. In this paper, we present novel techniques like supervision, parallelization, and scoring functions to get better results out of chains of smaller language models, rather than relying solely on scaling up model size. Firstly, we propose an approach to quantify the performance of a Smaller Language Models (SLM) by introducing a corresponding supervisor model that incrementally corrects the encountered errors. Secondly, we propose an approach to utilize two smaller language models (in a network) performing the same task and retrieving the best relevant output from the two, ensuring peak performance for a specific task. Experimental evaluations establish the quantitative accuracy improvements on financial reasoning and arithmetic calculation tasks from utilizing techniques like supervisor models (in a network of model scenario), threshold scoring and parallel processing over a baseline study.

DeepPOSE:Detecting GPS spoofing attack via deep recurrent neural network

The Global Positioning System(GPS)has become a foundation for most location-based services and navigation systems,such as autonomous vehicles,drones,ships,and wearable devices.However,it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools.Pervasive tools,such as Fake GPS,Lockito,and software-defined radio,enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected.Furthermore,it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors.To this end,we propose DeepPOSE,a deep learning model,to address the noise introduced in sensor readings and detect GPS spoofing attacks on mobile platforms.Our design uses a convolutional and recurrent neural network to reduce the noise,to recover a vehicle's real-time trajectory from multiple sensor inputs.We further propose a novel scheme to map the constructed trajectory from sensor readings onto the Google map,to smartly eliminate the accumulation of errors on the trajectory estimation.The reconstructed trajectory from sensors is then used to detect the GPS spoofing attack.Compared with the existing method,the proposed approach demonstrates a significantly higher degree of accuracy for detecting GPS spoofing attacks.

Strengthening effect of super typhoon Rammasun(2014)on upwelling and cold eddies in the South China Sea

Typhoon is one of the frequent natural disasters in coastal regions of China.As shown in many studies,the impact of typhoons on the South China Sea(SCS)should not be overlooked.Super typhoon Rammasun(2014)was studied that formed in the northwestern Pacific,passed through the SCS,then landed in the Leizhou Peninsula.Remote sensing data and model products were used to analyze the spatiotemporal variations of the cold eddies,upwelling,sea surface temperature,mixed layer depth,rainfall,sea surface salinity,suspended sediment concentration,and surface-level anomaly.Results confirm the constant presence of upwelling and cold eddies in the southeast of Hainan(north of the Zhongsha Islands)and the southeast of Vietnam in July.In addition,we found the strengthening effect of super typhoon Rammasun on the upwelling and cold eddies in the SCS.The major reasons for the continuous decrease in sea surface temperature and the slow regaining of seawater temperature were the enhanced upwelling and vertical mixing caused by the typhoon.The increasing of the surface runoff in the Indochina Peninsula was mainly affected by the typhoon,with some contribution for the southeast of Vietnam’s cold eddy and upwelling.

Intelligent Preamble Allocation for Coexistence of mMTC/URLLC Devices:A Hierarchical Q-Learning Based Approach

The emergence of various commercial and industrial Internet of Things(IoT)devices has brought great convenience to people’s life and production.Both low-power,massively connected mMTC devices(MDs)and highly reliable,low-latency URLLC devices(UDs)play an important role in different application scenarios.However,when dense MDs and UDs periodically initiate random access(RA)to connect the base station and send data,due to the limited preamble resources,preamble collisions are likely to occur,resulting in device access failure and data transmission delay.At the same time,due to the highreliability demands of UDs,which require smooth access and fast data transmission,it is necessary to reduce the failure rate of their RA process.To this end,we propose an intelligent preamble allocation scheme,which uses hierarchical reinforcement learning to partition the UD exclusive preamble resource pool at the base station side and perform preamble selection within each RA slot at the device side.In particular,considering the limited processing capacity and energy of IoT devices,we adopt the lightweight Qlearning algorithm on the device side and design simple states and actions for them.Experimental results show that the proposed intelligent scheme can significantly reduce the transmission failure rate of UDs and improve the overall access success rate of devices.

A Comprehensive Analysis of Datasets for Automotive Intrusion Detection Systems

Recently,automotive intrusion detection systems(IDSs)have emerged as promising defense approaches to counter attacks on in-vehicle networks(IVNs).However,the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation.Despite the availability of several datasets for automotive IDSs,there has been a lack of comprehensive analysis focusing on assessing these datasets.This paper aims to address the need for dataset assessment in the context of automotive IDSs.It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs,to evaluate the quality of datasets.These metrics take into consideration various aspects such as dataset description,collection environment,and attack complexity.This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics.The evaluation reveals biases in the datasets,particularly in terms of limited contexts and lack of diversity.Additionally,it highlights that the attacks in the datasets were mostly injected without considering normal behaviors,which poses challenges for training and evaluating machine learning-based IDSs.This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs.The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications.Finally,this paper presents the requirements for high-quality datasets,including the need for representativeness,diversity,and balance.

A new method of constructing adversarial examplesfor quantum variational circuits

A quantum variational circuit is a quantum machine learning model similar to a neural network.A crafted adversarial example can lead to incorrect results for the model.Using adversarial examples to train the model will greatly improve its robustness.The existing method is to use automatic differentials or finite difference to obtain a gradient and use it to construct adversarial examples.This paper proposes an innovative method for constructing adversarial examples of quantum variational circuits.In this method,the gradient can be obtained by measuring the expected value of a quantum bit respectively in a series quantum circuit.This method can be used to construct the adversarial examples for a quantum variational circuit classifier.The implementation results prove the effectiveness of the proposed method.Compared with the existing method,our method requires fewer resources and is more efficient.

Quantum private comparison of arbitrary single qubit states based on swap test

By using swap test,a quantum private comparison(QPC) protocol of arbitrary single qubit states with a semi-honest third party is proposed.The semi-honest third party(TP) is required to help two participants perform the comparison.She can record intermediate results and do some calculations in the whole process of the protocol execution,but she cannot conspire with any of participants.In the process of comparison,the TP cannot get two participants’ private information except the comparison results.According to the security analysis,the proposed protocol can resist both outsider attacks and participants’ attacks.Compared with the existing QPC protocols,the proposed one does not require any entanglement swapping technology,but it can compare two participants’ qubits by performing swap test,which is easier to implement with current technology.Meanwhile,the proposed protocol can compare secret integers.It encodes secret integers into the amplitude of quantum state rather than transfer them as binary representations,and the encoded quantum state is compared by performing the swap test.Additionally,the proposed QPC protocol is extended to the QPC of arbitrary single qubit states by using multi-qubit swap test.

Vulnerability Analysis of MEGA Encryption Mechanism

MEGA is an end-to-end encrypted cloud storage platform controlled by users.Moreover,the communication between MEGA client and server is carried out under the protection of Transport Layer Security(TLS)encryption,it is difficult to intercept the key data packets in the process of MEGA registration,login,file data upload,and download.These characteristics of MEGA have brought great difficulties to its forensics.This paper presents a method to attack MEGA to provide an effective method for MEGA’s forensics.By debugging the open-source code of MEGA and analyzing the security white paper published,this paper first clarifies the encryption mechanism of MEGA,including the detailed process of registration,login,and file encryption,studies the encryption mechanism of MEGA from the perspective of protocol analysis,and finds out the vulnerability of MEGA encryption mechanism.On this basis,a method to attack MEGA is proposed,and the secret data stored in the MEGA server can be accessed or downloaded;Finally,the efficiency of the attack method is analyzed,and some suggestions to resist this attack method are put forward.

Recent advances in high charge density triboelectric nanogenerators

Triboelectric materials with high charge density are the building-block for the commercial application of triboelectric nanogenerators(TENGs).Unstable dynamic processes influence the change of the charge density on the surface and inside of triboelectric materials.The charge density of triboelectric materials depends on the surface and the internal charge transfer processes.The focus of this review is on recent advances in high charge density triboelectric materials and advances in the fabrication of TENGs.We summarize the existing strategies for achieving high charge density in triboelectric materials as well as their fundamental properties.We then review current optimization methods for regulating dynamic charge transfer processes to increase the output charge density:first,increasing charge injection and limiting charge dissipation to achieve a high average surface charge density,and second,regulating the internal charge transfer process and storing charge in triboelectric materials to increase the output charge density.Finally,we present the challenges and prospects in developing high-performance triboelectric materials.

Evaluating Privacy Leakage and Memorization Attacks on Large Language Models (LLMs) in Generative AI Applications

The recent interest in the deployment of Generative AI applications that use large language models (LLMs) has brought to the forefront significant privacy concerns, notably the leakage of Personally Identifiable Information (PII) and other confidential or protected information that may have been memorized during training, specifically during a fine-tuning or customization process. We describe different black-box attacks from potential adversaries and study their impact on the amount and type of information that may be recovered from commonly used and deployed LLMs. Our research investigates the relationship between PII leakage, memorization, and factors such as model size, architecture, and the nature of attacks employed. The study utilizes two broad categories of attacks: PII leakage-focused attacks (auto-completion and extraction attacks) and memorization-focused attacks (various membership inference attacks). The findings from these investigations are quantified using an array of evaluative metrics, providing a detailed understanding of LLM vulnerabilities and the effectiveness of different attacks.

Efficient Digital Twin Placement for Blockchain-Empowered Wireless Computing Power Network

As an open network architecture,Wireless Computing PowerNetworks(WCPN)pose newchallenges for achieving efficient and secure resource management in networks,because of issues such as insecure communication channels and untrusted device terminals.Blockchain,as a shared,immutable distributed ledger,provides a secure resource management solution for WCPN.However,integrating blockchain into WCPN faces challenges like device heterogeneity,monitoring communication states,and dynamic network nature.Whereas Digital Twins(DT)can accurately maintain digital models of physical entities through real-time data updates and self-learning,enabling continuous optimization of WCPN,improving synchronization performance,ensuring real-time accuracy,and supporting smooth operation of WCPN services.In this paper,we propose a DT for blockchain-empowered WCPN architecture that guarantees real-time data transmission between physical entities and digital models.We adopt an enumeration-based optimal placement algorithm(EOPA)and an improved simulated annealing-based near-optimal placement algorithm(ISAPA)to achieve minimum average DT synchronization latency under the constraint of DT error.Numerical results show that the proposed solution in this paper outperforms benchmarks in terms of average synchronization latency.