Notwithstanding the potential danger to security and privacy, sharing and publishing data has become usual in Data Science. To preserve privacy, de-identification methodologies guided by risk estimation have been designed. Two issues associated with classical risk metrics are, on the one hand, the adequacy of the metric and, on the other hand, its static nature. In this paper, we present metrics for estimating risk based on the emerging semantics provided by Formal Concept Analysis. The metrics are designed to estimate the (...) a priori risk of compromised data deletion. Furthermore, by applying specialized variable forgetting methods for association rules, it is shown how to reflect the effect of deleting attributes belonging to potentially dangerous quasi-identifier sets. Additionally, a study of the role of the risk metric in confidence-based reasoning for re-identification is presented. (shrink)

As it is well known, mobile phones have become a basic gadget for any individual that usually stores sensitive information. This mainly motivates the increase in the number of attacks aimed at jeopardizing smartphones, being an extreme concern above all on Android OS, which is the most popular platform in the market. Consequently, a strong effort has been devoted for mitigating mentioned incidents in recent years, even though few researchers have addressed the application of visualization techniques for the analysis of (...) malware. Within this field, the present work proposes the extension of a new technique called Hybrid Unsupervised Exploratory Plots to visualize Android malware datasets. More precisely, the novel Beta-Hebbian Learning (BHL) method is applied for the first time and validated under the frame of Hybrid Unsupervised Exploratory Plots, in conjunction with clustering methods. The informative visualization achieved provides a picture of the structure of the malware families, allowing subsequent analysis of their organization. To validate the Hybrid Unsupervised Exploratory Plot extension and its tuning, the popular Android Malware Genome dataset has been used in the experimental setting. Promising results have been obtained, suggesting that BHL applied in combination with clustering techniques in Hybrid Unsupervised Exploratory Plots are a viable resource for the visualization of malware families. (shrink)

Context: Predicting security and trust vulnerabilities and issues is crucial for IoT interconnected systems and ecosystems, especially when integrating new, third-party or open-source components. Objective: One way to ensure timely predictions is by using a smart monitoring framework to continuously verify functional and non-functional property violations during the executions of the systems and their components. Method: This paper presents a set of guidelines for the Smart Monitoring Framework definition and its application process. Results and Conclusion: The paper provides the reference (...) architecture of the Smart Monitoring Framework and its possible implementation to promptly detect suspicious behavior or property violations. The paper also illustrates how the provided implementation satisfies the defined guidelines by design. (shrink)

In this paper we present a set of good practices in the design of a security-centric architecture for a Communication Channel that can be used to secure a Loosely-Coupled distributed platform, over unreliable communication mediums. The proposed practices are derived from designing a complete architecture that is modular and designed to support principles of Service Oriented Architecture (SOA) and the common functional requirements of a wide range of applications, including cybersecurity, smart power grids and industrial Internet of Things (IoT). The (...) architecture was developed and implemented as part of the BIECO project, and is based around open standards such as Open Platform Communications United Architecture (OPC-UA). The key feature of the architecture is that it enables secure asynchronous near-real-time communication between a large number of nodes in a multimodal setup, without the need of any Service to know its place within the tool-chain. Based on our experience with building this system and based on the good results obtained, we are presenting a list of lessons learnt, recommendations for better communication channel modules within loosely coupled distributed systems. (shrink)

An essential requirement for increasing human confidence in computer systems is knowing an event’s origin. Therefore, it is necessary to have an efficient method to record such information. It is especially challenging in robotics, where unexpected behaviours can have unpredictable consequences, endangering the interests of people or even their safety. Furthermore, to analyse an incident’s cause or anticipate future behaviours, we must identify the events that cause a specific action. Although it is common to use logging systems for such purposes, (...) issues such as partial recording of events, unhelpful data or the impact on robot performance suggest conceiving new accountability solutions that assist when determining the responsible entities or the provenance of specific information. This paper presents a general-purpose approach to developing an accountability system for autonomous robots. It consists of four main components: a system event logger, a message producer, a distributed event streaming platform and a database. Our proposal is completely decoupled from the monitored system and allows real-time analysis, improving flexibility, besides system protection and transparency. Finally, the need to reduce the impact of the audit process and logging tasks on robot performance has promoted the development of different assessment scenarios to determine the best strategy for providing accounting services. (shrink)

This paper proposes an innovative approach to achieving real-time polymorphic behavior detection, and its direct application to blockchain-focused smart-contracts. We devise a method based on a non-deterministic finite state machine to perform approximate pattern-matching, using a look-ahead mechanism implemented through a concept similar to that of a sliding window, and using threshold-based similarity checking at every state in the automaton. We introduce and formalize our approach, discuss the challenges we faced and then test it in a real-world environment. The experimental (...) results obtained showed a significant speed-up of our approach, as compared to the classic similarity measures used commonly in such scenarios. (shrink)

Digitization of every daily procedure requires trustworthy verification schemes. People tend to overlook the security of the passwords they use, i.e. they use the same password on different occasions, they neglect to change them periodically or they often forget them. This raises a major security issue, especially for elderly people who are not familiar with modern technology and its risks and challenges. To overcome these drawbacks, biometric factors were utilized, and nowadays, they have been widely adopted due to their convenience (...) of use and ease of hardware installation. Many biometric-based authentication schemes were proposed, but despite the advantages that they offer, recent research has shown that biometrics by itself cannot be considered as an inviolable technique. Recently, we have proposed StegoPass, a novel method that obtains the 68 facial points of a user and utilizes them as a stego message to an image. This produced stego image was the password. Although the experiments conducted showed maximum security, it would be challenging to enhance the robustness of the proposed model for even more attacks. This paper examines the utilization of multimodal biometrics as the secret message embedded in the image. More specifically, besides the extraction of the facial points, we extract the unique minutiae moments and combine them in a feature vector. This feature vector is then embedded in the image. Two different datasets were used, and the security of the method was tested against state-of-the-art deep learning models, i.e. generative adversarial networks, to test whether the image could be digitally synthesized and fool the proposed verification scheme. The results proved that the new enhanced version of StegoPass offers an extremely secure method as its predecessor. (shrink)

Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. (...) In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs. (shrink)

There is much effort nowadays to protect communication networks against different cybersecurity attacks (which are more and more sophisticated) that look for systems’ vulnerabilities they could exploit for malicious purposes. Network Intrusion Detection Systems (NIDSs) are popular tools to detect and classify such attacks, most of them based on ML models. However, ML-based NIDSs cannot be trained by feeding them with network traffic data as it is. Thus, a Feature Engineering (FE) process plays a crucial role transforming network traffic raw (...) data onto derived one suitable for ML models. In this work, we study the effects of applying one such FE technique in different ways on the performance of two ML models (linear and non-linear) and their selected features. This the Feature as a Counter approach. The derived observations are computed from either with the same number of raw samples, (batch-based approaches) or by aggregating them by time intervals (timestamp-based approach). Results show that there is no significant differences between the proposed approaches neither in the performance of the models nor in the selected features that validate our proposal making it feasible to be widely used as a standard FE method. (shrink)

This paper aims to enhance security in IoT device networks through a visual tool that utilizes three projection techniques, including Beta Hebbian Learning (BHL), t-distributed Stochastic Neighbor Embedding (t-SNE) and ISOMAP, in order to facilitate the identification of network attacks by human experts. This work research begins with the creation of a testing environment with IoT devices and web clients, simulating attacks over Message Queuing Telemetry Transport (MQTT) for recording all relevant traffic information. The unsupervised algorithms chosen provide a set (...) of projections that enable human experts to visually identify most attacks in real-time, making it a powerful tool that can be implemented in IoT environments easily. (shrink)