behrouz tork ladani

As cyber threats grow increasingly sophisticated, the importance of security training as an effective means of prevention will become even more critical. Cyber Range (CR) is a platform for creating cyber training programs using virtualization and simulation technologies to create a realistic training environment. The main challenge for utilizing a CR is the specialized human resources required to design and maintain training sessions. To tackle this challenge, several high-level languages, known as Scenario Description Languages (SDLs), have been developed to enable the specification of training environments as models. These models can then be automatically transformed into deployment artifacts. Our studies showed that the existing SDLs could not address requirements when designing complex scenarios where multiple trainees should collaborate to reach a desired goal through various acceptable solutions. We present the Collaborative Security Training SDL (CST-SDL) for creating multi-trainee and multi-solution scenarios. CST-SDL uses an acyclic directional graph for specifying the scenario's solution routes and allows defining trainees with unique tasks, goals, and solution routes during the training session. To evaluate the CST-SDL's capabilities, we have implemented and integrated it into the KYPO cyber range.

As the intensity of global cybersecurity threats continues to rise, the need for training security professionals has gained greater significance. Educational programs, complemented by laboratories and the execution of cybersecurity exercises, play a fundamental role in enhancing both offensive and defensive capabilities. The execution of such exercises is particularly crucial in operational networks, where testing cyberattacks may not be feasible. Cyber ranges offer an appropriate platform for conducting these exercises. A primary challenge in cybersecurity education is aligning training programs with the diverse skill levels of learners. Adaptive learning, powered by artificial intelligence and recommendation systems, can provide an effective solution for delivering personalized instruction. This study focuses on the KYPO Cyber Range to examine the potential of substituting or augmenting the role of the instructor with an AI-based recommendation agent. The objective of this research is to minimize human intervention and improve the efficiency of the training process. To this end, data collected from the KYPO Cyber Range, developed by Masaryk University, has been utilized, and various machine learning models have been applied to automate and optimize the training process. The results of this research indicate that the integration of artificial intelligence can enhance the performance of educational systems and reduce evaluation time.

Social networks have become a central part of our lives these days and have real effects on the world's events. However, social networks greatly boost spreading misinformation and rumors that are becoming more and more dangerous each day. As fighting rumors first requires detecting them, several researchers tried to propose novel approaches for automatic early detection of rumors. However, most of them rely on handcrafted content features which makes them prone to deception and threats the adaptability of the model. Furthermore, a great deal of work have concentrated on event-level rumor detection while it faces early detection with serious challenges. There are also deficiencies in proposed methods in terms of time and resource complexity. This study proposes a deep learning approach to automate the detection of rumors on Twitter. The proposed method relies on automatically extracted features through word and sentence embeddings along with profile and network-based features. It then uses Recurrent Neural Networks (RNN) leveraging Gated Recurrent Units (GRU) for detecting the veracity of a tweet. The proposed method also improves time efficiency. The achieved experimental evaluation results on RumorEval2019 dataset demonstrate that the proposed method outperforms other rival models on the same dataset in terms of both performance and time complexity. By the way, the proposed method is more resilient to deception by avoiding the use of handcrafted content features and leveraging features that are out of the control of the user.

Sensitive methods are those that are commonly used by Android malware to perform malicious behavior. These methods may be either evasion or malicious payload methods. Although there are several approaches to handle these methods for performing effective dynamic malware analysis, but generally most of them are based on a manually created list. However, the performance shown by the selected approaches is dependent on completeness of the manually created list that is not almost a complete and up-to-date one. Missing some sensitive methods causes to degrade the overall performance and affects the effectiveness of analyzing Android malware.In this paper, we propose a machine learning approach to predict new sensitive methods that might be used in Android malware. We use a manually collected training dataset to train two classifiers: a classifier for detecting the sensitivity nature of the Android methods, and another classifier to categorize the detected sensitive methods into predefined categories. We applied the proposed approach to a large number of methods extracted from Android API 27. The proposed approach is able to predict hundreds of sensitive methods with accuracy of 90.5% for the first classifier and 87.4% for the second classifier. To evaluate the proposed approach, we built a new list of the detected sensitive methods and used it in a number of tools to perform dynamic malware analysis. The proposed model found various sensitive methods that were not considered before by any other tools. Hence, the effectiveness of these tools in performing dynamic analysis are increased.

Todays, although social networks are used for extensive information sharing, spreading rumors has also been accelerated and become a serious problem. Rumor control can be accomplished through either hard or soft control strategies. The former uses depriving actions like blocking rumor spreaders, while the latter tries to persuade people personally avoiding rumor propagation by increasing their knowledge and awareness. Although there are some proposals for rumor control in social networks, suitable frameworks for modeling and analysis of rumor control strategies and methods with proper consideration of the effective factors is still a need. This study introduces a rumor propagation model based on evolutionary game theory along with a number of soft and hard rumor control methods. Using the proposed model, we simulate and analyze rumor control methods considering different environmental, personal, and content-related factors that may influence people's decisions about rumors. The simulation is conducted on a Twitter graph according to various society conditions. One of the findings is that the soft rumor control strategy is generally more effective than the hard rumor control strategy. The proposed model itself and the conducted analysis can be adopted for developing and deploying effective rumor control mechanisms in social network systems.

Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-knownvulnerability found in Android’s custom permissions.

Smart grids using information technology (IT) and communication networks control smart home appliances to reduce costs and increase reliability and transparency. Preserving the privacy of the user data is one of the biggest challenges in smart grid research; by disclosing user-related data, an internal or external adversary can understand the habits and behavior of the users. A solution to address this challenge is, however, a data aggregation mechanism in which the aggregated data of all of the users in a residential area. The security and efficiency of the data aggregation approach are important. The drawback of the previous works is leaking fine-grained user data or the high computation and communication overhead. In this paper, we present an efficient privacy-preserving data-aggregation protocol, called PPDA, based on the Elliptic Curve Cryptography (ECC) and Anonymous Veto network protocol. The PPDA protocol aggregates metering data efficiently and securely so that it becomes applicable for resource-constraint metering devices. We also present an improved multi-cycle proposal of PPDA, called MC-PPDA. In the improved approach, the system initialization step runs only at the first cycle of the protocol which increases the efficiency of the protocol. Evaluation results show that the proposed approaches preserve the privacy of the fine-grained user data against an internal and external adversary; the improved multi-cycle approach is also secure against collusion. Compared to the previous approaches, the proposed approaches incur less computation and communication overhead.

Detection of browser attacks is considered a serious challenge in today’s web applications. Man in the Browser (MitB) attack is an important type of these attacks that can lead to changes in web page contents, interference in network traffic, session hijacking, and user information theft by using Trojans. In this paper, an efficient tool for real-time detection of MitB attacks through dynamic analysis of web pages based on the description of attack patterns is presented. The advantage of the proposed tool is that it is not limited to identifying one or more specific attacks and the identification method code is not embedded in the tool, but the patterns of different attacks are specified separately. In order to evaluate the presented tool, two vulnerable web services provided by OWASP, which have a wide range of known vulnerabilities, were used along with the BeEF penetration test framework, and a set of MitB attacks were practically implemented and evaluated by the tool. The same tests were performed using three other similar tools and compared with the developed tool. In addition to the superiority of the presented tool in terms of the independence of attack descriptions from the tool itself, the results show that the accuracy and readability of its diagnosis are better than similar tools.

Most of the current research on static analysis of Android applications for security vetting either work on Java source code or the Dalvik bytecode. Nevertheless, Android allows developers to use C or C++ code in their programs that is compiled into various binary architectures. Moreover, Java and the native code components (C or C++) can collaborate with each other using Java Native Interface. Recent research shows that native codes are frequently used in both benign and malicious Android applications. Most of the present Android static analysis tools avert considering native codes in their analysis and applied trivial models for their data-flow analysis. As we know only the open source JN-SAF tool has tried to solve this issue statically. However, there are still challenges like libC functions and multi-threading in native codes that we want to address in this work. We presented SANT as an extension of JN-SAF for supporting Static Analysis of Native Threads. We considered modeling libC functions in our data-flow analysis to have a more precise analysis when dealing with security vetting of native codes. We also used control flow and data dependence graphs in SANT to handle multiple concurrent threads and find implicit data-flow between them. Our experiments show that the conducted improvements outperforms JN-SAF in real-world benchmark applications.

Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to provide proper environment for executing the app in an emulator. Monkey is the most popular event generator for Android apps in general, and is used in dynamic analysis of Android malware as well. Monkey provides high code coverage and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events, and because of random behavior in generating UI events, it may lose dropping the connectivity of the test environment during the analysis process. Moreover, it provides no defense against malware evasion techniques. In this paper, we try to enhance Monkey by reducing its limitations while preserving its advantages. The proposed approach has been implemented as an extended version of Monkey, named Curious-Monkey. Curious-Monkey provides facilities for handling system events, handling evasion techniques, and keeping the test environment's connectivity up during the analysis process. We conducted many experiments to evaluate the effectiveness of the proposed tool regarding two important criteria in dynamic malware analysis: the ability to trigger malicious payloads and the code coverage. In the evaluation process, we used the Evadroid benchmark and the AMD malware dataset. Moreover, we compared Curious-Monkey with Monkey and Ares tools. The results show that the Curious-Monkey provides better results in case of triggering malicious payloads, as well as better code coverage.

Design of secure authentication solutions for low-cost RFID tags is still an open and quite challenging problem, though many protocols have been published in the last decade. In 2013, Wei and Zhang proposed a new lightweight RFID authentication protocol that conforms to the EPC-C1G2 standard and claimed that the protocol would be immune against all known attacks on RFID systems. In this paper, we consider the security of this protocol and show that it cannot provide secure authentication for RFID users. An attacker, by following our suggested approach, will be able to impersonate server/reader, and destroy synchronization between the back-end server and the tag. Finally, we enhance this protocol, and by using formal and informal security analysis we show that the enhanced protocol strongly inhibits the security flaws of its predecessor.

An important issue in P2P networks is the existence of malicious nodes that decreases the performance of such networks. Reputation system in which nodes are ranked based on their behaviour, is one of the proposed solutions to detect and isolate malicious (low ranked) nodes. GossipTrust is an interesting previously proposed algorithm for reputation aggregation in P2P networks based on the concept of gossip. Despite its important contribution, this algorithm has deficiencies especially with high number of nodes that leads to high execution time and low accuracy in the results. In this paper, a grouped Gossip based Reputation Aggregation (GGRA) algorithm is proposed. In GGRA, GossipTrust is executed in each group between group members and between groups instead of executing in the whole network. Due to the reduction in the number of nodes and using strongly connected graph instead of a weakly one, gossip algorithm in GGRA is executed quickly. With grouping, not only reputation aggregation is expected to be more scalable, but also because of the decrement in the number of errors of the gossiped communication, the results get more accurate. The evaluation of the proposed algorithm and its comparison with GossipTrust confirms the expected results.

Nowadays, the growth of virtual environments such as virtual organizations, social networks, and ubiquitous computing, have led to the adoption of trust concept. One of the methods of making trust in such environments is to use long-term relationship with a trusted partner. The main problem of this kind of trust, which is based on personal experiences, is its limited domain. Moreover, both parties of such trust relationship will face big problems of collecting data and forming reasonable and reliable beliefs. Considering the concept of “group” in modeling trust is a way to overcome the above mentioned problems. Since,group-based trust is more suited with the nature of trust in new virtual environments. In this paper a new trust model called “GTrust” is proposed in which trust is considered as a collective and shared feature of all group members. Therefore, group membership is used as the judgment criteria regarding a person’s expected behavior and how he can be a trustee. GTrust is based on Metagraphs which is a graphical data structure for representing a collection of directed set-to-set mappings. We show that by using GTrust, large trust spaces between unknown individuals can be shaped effectively. The proposed model not only offers a better description of human sense of trust when considering communities, but also provides the setting for evaluating the trust of individuals whom we do not know, and therefore provides an extended evaluation domain.

Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new independent formal model called Constrained Policy Graph (CPG) for specification of ACPs and their composition as well as verification of conflict or incompatibility among the ACPs is represented. It is shown how CPG can be used in modeling and verification of web service composition ACPs. Also the application of CPG for modeling policies in BPEL processes -as the most common composition method for web services- is illustrated.