SACM - United States of America
Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9668
5 results

Item Restricted
OPTIMIZING INTRUSION DETECTION IN IOT NETWORK ENVIRONMENTS THROUGH DIVERSE DETECTION TECHNIQUES
(Florida Atlantic University, 2025-03-11) Al Hanif, Abdulelah; Ilyas, Mohammad
The rapid proliferation of Internet of Things (IoT) environments has revolutionized numerous areas by facilitating connectivity, automation, and efficient data transfer. However, the widespread adoption of these devices poses significant security risks. This is primarily due to insufficient security measures within the devices and inherent weaknesses in several communication network protocols, such as the Message Queuing Telemetry Transport (MQTT) protocol. MQTT is recognized for its lightweight and efficient machine-to-machine communication characteristics in IoT environments. However, this flexibility also makes it susceptible to significant security vulnerabilities that can be exploited. It is necessary to counter and identify these risks and protect IoT network systems by developing effective intrusion detection systems (IDS) to detect attacks with high accuracy. This dissertation addresses these challenges through several vital contributions. The first approach concentrates on improving IoT traffic detection efficiency by utilizing a balanced binary MQTT dataset. This involves effective feature engineering to select the most important features and implementing appropriate machine learning methods to enhance security and identify attacks on MQTT traffic. This includes using various evaluation metrics such as accuracy, precision, recall, F1-score, and ROC-AUC, demonstrating excellent performance in every metric. Moreover, another approach focuses on detecting specific attacks, such as DoS and brute force, through feature engineering to select the most important features.
It applies supervised machine learning methods, including Random Forest, Decision Trees, k-Nearest Neighbors, and Xtreme Gradient Boosting, combined with ensemble classifiers such as stacking, voting, and bagging. This results in high detection accuracy, demonstrating its effectiveness in securing IoT networks within MQTT traffic. Additionally, the dissertation presents a real-time IDS for IoT attacks using the voting classifier ensemble technique within the Spark framework, employing the real-time IoT 2022 dataset for model training and evaluation to classify network traffic as normal or abnormal. The voting classifier achieves exceptionally high accuracy in real-time, with a rapid detection time, underscoring its efficiency in detecting IoT attacks. Through the analysis of these approaches and their outcomes, the dissertation highlights the significance of employing machine learning techniques and demonstrates how advanced algorithms and metrics can enhance the security and detection efficiency of general IoT network traffic and MQTT protocol network traffic.

Item Embargo
ENHANCING LOCATION INFORMATION PRIVACY AND SECURITY IN IoBT USING DECEPTION-BASED TECHNIQUES
(Florida Atlantic University, 2024-09) Alkanjr, Basmh; Imadeldin, Mahgoub
IoBT stands for the Internet of Battlefield Things. This concept extends the principles of the Internet of Things (IoT) for military and defense use. IoBT integrates smart devices, sensors, and technology on the battlefield to improve situational awareness, communication, and decision-making in military operations. Sensitive military data typically includes information crucial to national security, such as the location of soldiers and equipment. Unauthorized access to location data may compromise operational confidentiality and impede the element of surprise in military operations. Therefore, ensuring the security of location data is crucial for the success and efficiency of military operations.
We propose two systems to address this issue. First, we propose a novel deception-based scheme to enhance the location-information security of IoBT nodes. The proposed scheme uses a novel encryption method, dummy IDs, and dummy packets technology. We develop a mathematical model to evaluate our scheme in terms of safety time (ST), probability of failure (PF), and the probability of identifying the real packet in each location information update (PIRP). Then, we develop NetLogo simulations to validate the mathematical model. The proposed scheme increases ST and reduces PF and PIRP. We develop a scheme to protect the node's identity using dummy ID, silence period, and sensitive area's location privacy enhancement concepts. We generate a pseudonym location for each node in the IoBT environment to protect the node's real location information. We propose a new metric called the average probability of linkability per dummy ID (DID) change to assess the attacker's effectiveness in linking the source node with its new DID following the silent period. We develop Matlab simulations to evaluate our scheme in terms of average anonymity and average probability of linkability per DID change. The results showed further privacy enhancement by applying the sensitive area concept. Tampering with location information, such as falsification attacks, can lead to inaccurate battlefield assessments and personnel safety risks. Thus, we design ANFIS and ensemble methods for detecting position falsification attacks in IoBT. Using the VeReMi dataset, our method achieved high detection accuracy while reducing false negative rate and computation complexity.
Cross-validation further supports the reliability of our model.

Item Restricted
INTO THE DIGITAL ABYSS: EXPLORING THE DEPTHS OF DATA COLLECTED BY IOT DEVICES
(Johns Hopkins University, 2024-02-22) Almogbil, Atheer; Rubin, Aviel
The proliferation of interconnected smart devices, once ordinary household appliances, has led to an exponential increase in sensitive data collection and transmission. The security and privacy of IoT devices, however, have lagged behind their rapid deployment, creating vulnerabilities that can be exploited by malicious actors. While security attacks on IoT devices have garnered attention, privacy implications often go unnoticed, exposing users to potential risks without their awareness. Our research contributes to a deeper understanding of user privacy concerns and implications caused by data collection within the vast landscape of the Internet of Things (IoT). We uncover the true extent of data accessible to adversarial individuals and propose a solution to ensure data privacy in precarious situations. We provide valuable insights, paving the way for a more informed and comprehensive approach to studying, addressing, and raising awareness about privacy issues within the evolving landscape of smart home environments.

Item Restricted
Usability and security of recognition-based textual password
(Iowa State University, 2024-07-16) Wasfi, Hassan; Stone, Richard
Knowledge-based passwords are still the most dominant authentication technique for authentication purposes, in spite of the emergence of alternative systems such as token-based and biometric systems. This approach has remained the most popular one mostly because of its user familiarity, compatibility, usability, and affordability. Nevertheless, the main challenge of knowledge-based password schemes is based on creating passwords that deliver a balance between usability and security.
This dissertation will be focused on recent research related to textual and graphical passwords to have an overview of their usability and security features and drawbacks. The literature review of this dissertation studied the main challenges of textual password schemes (text-based, passphrase, mnemonic, pronounceable, persuasive-text passwords). These schemes have several issues such as memorization, password complexity, password resets, input errors, password reuse and strength against guessing attacks. On the other hand, graphical password schemes (recognition, recall, and hybrid passwords) improve memorability compared to textual passwords because users' experience of interacting with images results in a better memorability rate. Graphical passwords have their own issues, which are requiring huge storage space (costly), complex setup and enrollment, a long time to log in, limited password space, and vulnerability to shoulder-surfing attacks. After a deep investigation done in the literature review, this dissertation will have a thoughtful examination related to the major features and drawbacks of recognition-based textual passwords because they provide the usability and security benefits of graphical passwords with the familiarity of textual passwords. Also, this dissertation studied the recognition textual password and its types to have a clear vision to build a usable and secure authentication system. This approach is categorized into two main aspects: user-generated and system-generated methods. Previous research deeply studied the system-generated recognition textual password for both nouns and passphrases in terms of avoiding users' weak choices in password creation; however, researchers found that users had difficulty with memorization in long-term memory. On the other hand, user-chosen recognition textual passwords provide a high memorability rate compared to system-generated ones, but they are not secure enough because users tend to select predictable words.
This dissertation will be focused on user-chosen recognition textual passwords. The third chapter showed a study that compares the usability of recognition and recall textual passwords for nouns and passphrases to distinguish the users' behaviors of password creation, system design, wordlist, memorability rate, and login time. The study discovered that the recognition textual password of passphrases has a higher memorability rate compared to recognition nouns, recall nouns and recall passphrases because some users select their password in an unmeaningful structure. Also, the login time for recognition passphrases is less than in the other conditions. The wordlist and system design play an important role in storing and retrieving performance. Overall, this result will help to establish a new method that avoids these issues. Previous studies have not built a recognition textual password method with a high entropy space, and mitigating common attacks. Moreover, enhancing the system design by considering word types, word presentation, and psychological stimulus. These factors can influence the users' performance in the storing and retrieving processes. Therefore, a novel authentication method called Word Pattern Recognition Textual Password (WPRTP) was proposed, which is based on drawing a pattern on a grid with a specific security requirement to balance between usability and security. This work aims to compare WPRTP with a recall textual password to explore its potential for enhancing user experience, usability, and security. The WPRTP results indicate that it is significantly more memorable in long-term memory (over a three-week period) and required less time to register compared to a recall passphrase.
Thus, WPRTP is a potential alternative to traditional textual passwords.

Item Restricted
Moving Target Detection and Prediction towards Cyber Agile Cellular Networks
(Alotaibi, Saad, 2019-04-29) Alotaibi, Saad; Song, Houbing
Agile networks such as cellular networks are often prone to attacks emanating from various loopholes. The security loopholes increase the vulnerability of a network whereby the attackers are able to utilize the attack surface to execute an attack. One of the best approaches to eliminating the security loopholes is to reduce the attack surface in the network. An approach known as Moving Target Defense (MTD) is a robust mechanism aimed at reducing the attack surface in a cyber-agile network. This paper proposes the development of an MTD framework aimed at reducing the attack surface in a cloud-based network. The approach aims to formulate how multiple virtual machines can be migrated from one network layer to another with the aim of minimizing the chances of an attacker exploiting the network vulnerabilities. The proposed framework also addresses the mechanism of transforming the IP addresses of the virtual machines after successful migration to the new network layer. The framework is simulated with the OpenStack platform whereby the network layer is implemented using nova-compute while the hardware is implemented using neuron framework. The algorithmic framework is further supported and implemented using the Python programming platform. The experimental results indicate that the migration process is attained within a maximum duration of 0.3 seconds, which is adequate enough to prevent an attacker from executing an attack on the network. The proposed MTD framework is capable of improving the security of a cyber-agile network by minimizing the attack surface. For enhancing the security of the system, the IP mutation methodology has also been proposed along with MTD.
For checking the efficiency of the proposed IP mutation methodology, two metrics were defined, i.e., assurance and avoidance. The results for the IP mutation methodology suggested that it uses flexible and elastic characteristics of SDN and helps to enhance the security of the system.