Federated Learning (FL) has recently arisen as a revolutionary approach to collaborative training Machine Learning models. According to this novel framework, multiple participants train a global model collaboratively, coordinating with a central aggregator without sharing their local data. As FL gains popularity in diverse domains, security, and privacy concerns arise due to the distributed nature of this solution. Therefore, integrating this strategy with Blockchain technology has been consolidated as a preferred choice to ensure the privacy and security of participants. This paper explores the research efforts carried out by the scientific community to define privacy solutions in scenarios adopting Blockchain-Enabled FL. It comprehensively summarizes the background related to FL and Blockchain, evaluates existing architectures for their integration, and the primary attacks and possible countermeasures to guarantee privacy in this setting. Finally, it reviews the main application scenarios where Blockchain-Enabled FL approaches have been proficiently applied. This survey can help academia and industry practitioners understand which theories and techniques exist to improve the performance of FL through Blockchain to preserve privacy and which are the main challenges and future directions in this novel and still under-explored context. We believe this work provides a novel contribution concerning the previous surveys and is a valuable tool to explore the current landscape, understand perspectives, and pave the way for advancements or improvements in this amalgamation of Blockchain and Federated Learning.

@en

Large-scale online campaigns, malicious or otherwise, require a significant degree of coordination among participants, which sparked interest in the study of coordinated online behavior. State-of-the-art methods for detecting coordinated behavior perform static analyses, disregarding the temporal dynamics of coordination. Here, we carry out a dynamic analysis of coordinated behavior. To reach our goal, we build a multiplex temporal network and we perform dynamic community detection to identify groups of users that exhibited coordinated behaviors in time. We find that i) coordinated communities (CCs) feature variable degrees of temporal instability; ii) dynamic analyses are needed to account for such instability, and results of static analyses can be unreliable and scarcely representative of unstable communities; iii) some users exhibit distinct archetypal behaviors that have important practical implications; iv) content and network characteristics contribute to explaining why users leave and join CCs. Our results demonstrate the advantages of dynamic analyses and open up new directions of research on the unfolding of online debates, on the strategies of CCs, and on the patterns of online influence.

@en

In recent years, the frequently reported incidents of Distributed Denial of Service assaults on vehicular networks in various countries have made researchers find new protective solutions. DDoS attacks can propagate through the charging points for electric vehicles in a charging station and affect the production of critical infrastructures such as electric grids. Existing solutions are efficient in attack detection; however, current systems do not offer multi-level protection, and zero-day vulnerabilities are prone to escape from the detection systems. In this paper, we address the problems mentioned above and introduce the first Machine Learning (ML)–based DDoS protective solution to combine prevention and detection mechanisms in vehicular networks. To be more specific, our proposed model is the first to consider the adaptive traffic threshold to generate the alarm for a suspicious amount of traffic flow in an Intrusion Detection Prevention System (IDPS). We call our proposed approach Protecting vEhicular neTworks against distRibuted deniAl of service attacKs (PETRAK). PETRAK uses four functions: prevention, alarm, training, and detection. The alarming system uses the flow parameters and activates the detection module to detect malicious packets. The prevention system works in two modes: immediate and future. PETRAK uses logistic regression to identify incoming packets and signatures of malicious packets to prevent future attacks. We also show that our proposed model is implacable towards advanced post-quantum cryptography-based traffic and also able to analyse side-channel attacks. We run a comprehensive set of experiments to test PETRAK on our synthesized dataset, KDDCUP’99 dataset, CIC-MalMem-2022, and the ToN-IoT dataset. We observe that PETRAK shows an accuracy of 99%. The results claim the efficiency of PETRAK in detecting and preventing DDoS attacks in vehicular networks.

@en

Modeling and predicting the behavior of nodes and users in blockchains provide opportunities for business strategy optimization. Indeed, the number of interactions of a node is strictly related to its balance and its prediction may be used for analytics purposes and investment strategies. However, the amount and diversity of information stored on the blockchain demand advanced tools for the modeling and analysis of blockchain data. Such tools should be able to capture the dynamicity and interaction of multiple independent actors, considering a large number of variables and dynamic interaction graph topologies. This is exacerbated by the use of smart contracts, programs stored in blockchain blocks that bring automation to blockchain's operations and thus increasing the variability of the resulting interaction graphs. Existing modeling methodologies are unable to keep track of all these details, as they are not able to capture the temporal variability of the network. In this paper, we propose a novel framework for modeling and predicting the behavior of smart contracts on a blockchain. We propose the concept of temporal smart contracts networks, i.e., graphs representing the temporal evolution of interactions and data flow. Our framework allows the creation of temporal smart contract networks with different granularity levels by considering different interaction patterns between smart contracts, externally owned accounts, and internal transactions. Thanks to these graphs, we are able to model features such as the node in degree and amount of ether received by a smart contract, which are directly related to its behavior. We incorporate our modeling approach in Ethereum Data Inspection Tool (EDIT), a novel tool able to model interactions and predict them based on historical data. We test different machine learning models to predict features extracted by EDIT, hence allowing for the prediction of the overall behavior of the smart contract. We test EDIT on the Ethereum blockchain and model several temporal smart contracts networks, which represent the interactions and the data flow resulting from about 4 000 000 consecutive blocks. The evaluation of different real case studies shows that the proposed framework is able to predict, with a mean absolute error close to 1%, the evolution of several interesting properties (e.g., amount of received ether) related to both accounts and smart contracts.

@en

Federated Learning (FL) represents the de facto approach for distributed training of machine learning models. Nevertheless, researchers have identified several security and privacy FL issues. Among these, the lack of anonymity exposes FL to linkability attacks, representing a risk for model alteration and worker impersonation, where adversaries can explicitly select the attack target, knowing its identity. Named-Data Networking (NDN) is a novel networking paradigm that decouples the data from its location, anonymising the users. NDN embodies a suitable solution to ensure workers’ privacy in FL, thus fixing the abovementioned issues. However, several issues must be addressed to fit FL logic in NDN semantics, such as missing push-based communication in NDN and anonymous NDN naming convention. To this end, this paper contributes a novel anonymous-by-design FL framework with a customised communication protocol leveraging NDN. The proposed communication scheme encompasses an ad-hoc FL-oriented naming convention and anonymity-driven forwarding and enrollment procedures. The anonymity and privacy requirements considered during the framework definition are fully satisfied through a detailed analysis of the framework's robustness. Moreover, we compare the proposed mechanism and state-of-the-art anonymity solutions, focusing on the communication efficiency perspective. The simulation results show latency and training time improvements up to ∼30%, especially when dealing with large models, numerous federations, and complex networks.

@en

Video surveillance systems provide means to detect the presence of potentially malicious drones in the surroundings of critical infrastructures. In particular, these systems collect images and feed them to a deep-learning classifier able to detect the presence of a drone in the input image. However, current classifiers are not efficient in identifying drones that disguise themselves with the image background, e.g., hiding in front of a tree. Furthermore, video-based detection systems heavily rely on the image’s brightness, where darkness imposes significant challenges in detecting drones. Both these phenomena increase the possibilities for attackers to get close to critical infrastructures without being spotted and hence be able to gather sensitive information or cause physical damages, possibly leading to safety threats. In this article, we propose RANGO, a drone detection arithmetic able to detect drones in challenging images where the target is difficult to distinguish from the background. RANGO is based on a deep learning architecture that exploits a Preconditioning Operation (PREP) that highlights the target by the difference between the target gradient and the background gradient. The idea is to highlight features that will be useful for classification. After PREP, RANGO uses multiple convolution kernels to make the final decision on the presence of the drone. We test RANGO on a drone image dataset composed of multiple already-existing datasets to which we add samples of birds and planes. We then compare RANGO with multiple currently existing approaches to show its superiority. When tested on images with disguising drones, RANGO attains an increase of 6.6% mean Average Precision (mAP) compared to YOLOv5 solution. When tested on the conventional dataset, RANGO improves the mAP by approximately 2.2%, thus confirming its effectiveness also in the general scenario.

@en

Software-defined networking (SDN), enabled by high-performance programmable switches, offers a new avenue to counter cyber attacks. Programmable switches offer the ability to customize and conduct in-depth packet analysis, thus providing efficient and timely responses to DDoS attacks. However, implementing sophisticated DDoS detection may be a challenge in programmable switches because the p4 language does not support floating-point arithmetic, logarithmic functions, or loops. Furthermore, the limited SRAM and TCAM memory on programmable switches makes storing the network connection state difficult. Hence, effective deployment of DDoS detection techniques remains challenging due to these limitations and the rising complexity of the attacks. Many researchers proposed the DDoS detection solution directly on a programmable switch, ignoring the pressing need for a distributed solution. Therefore, this paper presents an innovative, decentralized traffic analysis framework called SPARQ that optimally utilizes the data and control planes. SPARQ is based on Rényi entropy that filters TCP SYN DDoS attacks. It leverages the programming ability of data planes for traffic classification and utilizes the control plane to calculate the metrics and acyclic redundancy checks within the traffic. Moreover, SPARQ uses quartile ranges to track packet inter-arrival time so that abnormal traffic patterns can be identified. We implement SPARQ in a BMv2 switch using the p4runtime controller, enabling seamless integration with SDN systems. We compare the performance of SPARQ with state-of-the-art solutions using the CAIDA dataset. The comparative analysis demonstrates that SPARQ provides a 20.59% reduction in CPU load, an average detection time shorter than 88%, and a 17.8% improvement in true positive rate (TPR).

@en

With the increasing complexity and frequency of cyber attacks, organizations recognize the need for a proactive and targeted approach to safeguard their digital assets and operations. Every industry faces a distinct array of threats shaped by factors such as its industrial objective, geographic footprint, workforce size, revenue, partnerships, and the extent of its digital assets. This results in a wide heterogeneity in threat landscapes, which necessitates tailored threat intelligence sources. While some security practitioners may gravitate towards extensive sources, relying solely on volume-based solutions often leads to “alert fatigue”. For this reason, organization-specific threat intelligence has acquired a growing importance in cybersecurity defense. This work presents a complete and novel framework called OSTIS (Organization-Specific Threat Intelligence System) for generating and managing organization-specific Cyber Threat Intelligence (CTI) data. Our approach identifies reliable security blogs from which we gather CTI data through a custom and focused Web Crawler. Relevant content from such sources is, then, identified and extracted using automated deep-learning models. Moreover, our AI-driven solution maps CTI data to specific domain scenarios, such as education, finance, government, healthcare, industrial control systems, and IoT. To validate and gain insights from the trained models, we also include an explainable AI (XAI, for short) task carried out by leveraging the SHapley Additive exPlanations (SHAP) tool. This allows us to interpret the prediction process and discern influential content from data. The last step of our framework consists of the generation of an Organization Specific Threat Intelligence Knowledge Graph (OSTIKG), empowering organizations to identify and visualize attack patterns and incidents, promptly. To create this graph, we develop and adapt several techniques to extract diverse entities, including malware groups, campaigns, attack types, malware types, software tools, and so forth, and to identify relationships among them. Finally, through an extensive experimental campaign, we certify the validity and performance of all the components of our framework, which shows a 0.84 F1-score in the identification of relevant content, a 0.93 F1-score for the domain classification, and a 0.95 and 0.89 F1-score in the identification of entities and relations to build our OSTIKG graph.

@en

We present a device-centric analysis of security and privacy attacks and defenses on extended reality (XR) devices. We present future research directions and propose design considerations to help ensure the security and privacy of XR devices.

@en

In the past decades, the rise of artificial intelligence has given us the capabilities to solve the most challenging problems in our day-to-day lives, such as cancer prediction and autonomous navigation. However, these applications might not be reliable if not secured against adversarial attacks. In addition, recent works demonstrated that some adversarial examples are transferable across different models. Therefore, it is crucial to avoid such transferability via robust models that resist adversarial manipulations. In this paper, we propose a feature randomization-based approach that resists eight adversarial attacks targeting deep learning models in the testing phase. Our novel approach consists of changing the training strategy in the target network classifier and selecting random feature samples. We consider the attacker with a Limited-Knowledge and Semi-Knowledge conditions to undertake the most prevalent types of adversarial attacks. We evaluate the robustness of our approach using the well-known UNSW-NB15 datasets that include realistic and synthetic attacks. Afterward, we demonstrate that our strategy outperforms the existing state-of-the-art approach, such as the Most Powerful Attack, which consists of fine-tuning the network model against specific adversarial attacks. Further, we demonstrate the practicality of our approach using the VIPPrint dataset through a comprehensive set of experiments. Finally, our experimental results show that our methodology can secure the target network and resists adversarial attack transferability by over 60%.

@en

The evolving behavior of the attacks may affect the decision boundaries of the trained machine learning models. The issue has not been well investigated, especially with hypervisor-based security solutions where virtual machine (VM)’s network artifacts are introspected and analyzed. In this paper, we proposed a sustainable and explainable flow-filtering-based concept drift-driven network intrusion detection approach, called ‘SFC-NIDS’ which introspects network activities by analyzing VM traffic profile. The VM traffic is captured and pre-processed at the hypervisor to extract important network artifacts. The redundant and trivial network flows have been filtered using the proposed gradient descent-based flow filtering mechanism and validated using explainability. SFC-NIDS employs auto-encoders to reconstruct the traffic features to capture additional patterns. Afterward, the 1D-convolution neural network has been employed to learn and detect malicious attack flows. The model’s sustainability is ensured by integrating the drift detection mechanism with the decision model to retrain it with evolving attack patterns. The approach has been validated with virtual network traffic artifacts collected at the hypervisor and provides 98.9% accuracy, 99.03%, and F1-Score. In addition, the approach has also been validated using the KDD99 dataset, showcasing an accuracy of 99.97% and an F1-Score of 99.98%.

@en

Predicting and classifying faults in electricity networks is crucial for uninterrupted provision and keeping maintenance costs at a minimum. Thanks to the advancements in the field provided by the smart grid, several data-driven approaches have been proposed in the literature to tackle fault prediction tasks. Implementing these systems brought several improvements, such as optimal energy consumption and quick restoration. Thus, they have become an essential component of the smart grid. However, the robustness and security of these systems against adversarial attacks have not yet been extensively investigated. These attacks can impair the whole grid and cause additional damage to the infrastructure, deceiving fault detection systems and disrupting restoration. In this paper, we present FaultGuard, the first framework for fault type and zone classification resilient to adversarial attacks. To ensure the security of our system, we employ an Anomaly Detection System (ADS) leveraging a novel Generative Adversarial Network training layer to identify attacks. Furthermore, we propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness. We comprehensively evaluate the framework’s performance against various adversarial attacks using the IEEE13-AdvAttack dataset, which constitutes the state-of-the-art for resilient fault prediction benchmarking. Our model outclasses the state-of-the-art even without considering adversaries, with an accuracy of up to 0.958. Furthermore, our ADS shows attack detection capabilities with an accuracy of up to 1.000. Finally, we demonstrate how our novel training layers drastically increase performances across the whole framework, with a mean increase of 154% in ADS accuracy and 118% in model accuracy.

@en

The rapidly evolving landscape of network security, particularly in Software Defined Networks (SDNs), presents a critical need for efficient and adaptive DDoS attack detection methods, especially in the face of TCP SYN DDoS attacks. These attacks pose significant threats to network resources and service availability. Current state-of-the-art solutions, predominantly based on Shannon entropy, have inherent limitations, that give equal weightage to all frequency probability. This inherent assumption often leads to inadequate detection in complex and dynamic network environments, where attack patterns are increasingly sophisticated and variable. In this paper, we present a novel framework called SYNTROPY that is designed to detect TCP SYN DDoS attacks in SDN environments. The proposed SYNTROPY framework leverages Rényi entropy to effectively generalize the measurement of uncertainty in the network traffic. Unlike Shannon entropy, Rényi entropy offers the flexibility to adjust sensitivity to varying network conditions and attack patterns, thereby enhancing detection accuracy. It filters benign, flash, and suspicious traffic and employs a min–max threshold to identify attack patterns accurately. Our framework is implemented using the Ryu Controller, thus enabling seamless integration with SDN systems. The experiment is conducted to evaluate the SYNTROPY performance using the CAIDA UCSD DDoS 2007 Attack Dataset. The comparative analysis demonstrates that SYNTROPY performs better across various metrics than state-of-the-art solutions. It includes a 40% reduction in average CPU load, 59% enhancement in average detection time, 13% increase in true positives rate, 34% decrease in false negatives rate, 10% recall improvement, and 8% higher F1-Score. These promising results showcase the potential of SYNTROPY as a robust and effective solution for addressing TCP SYN DDoS attacks in SDNs.

@en

Hyperloop is among the most prominent future transportation systems. It involves novel technologies to allow traveling at a maximum speed of 1220km/h while guaranteeing sustainability. Due to the system's performance requirements and the critical infrastructure it represents, its safety and security must be carefully considered. In transportation systems, cyberattacks could lead to safety issues with catastrophic consequences for the population and the surrounding environment. To this day, no research inves-tigated the cybersecurity issues of the Hyperloop technology. In this paper, we provide the first analysis of the cybersecurity challenges of the interconnections between the different components of the Hyperloop ecosystem. We base our analysis on the currently available Hyperloop implementations, distilling those features that will likely be present in its final design. Moreover, we investigate possible infrastructure management approaches and their security concerns. Finally, we discuss countermeasures and future directions for the security of the Hyperloop design.@en

Vehicular networks are vulnerable to Distributed Denial of Service (DDoS), an extension of a Denial of Service (DoS) attack. The existing solutions for DDoS detection in vehicular networks use various Machine Learning (ML) algorithms. However, these algorithms are applicable only in a single layer in a vehicular network environment and are incapable of detecting DDoS dynamics for different layers of the network infrastructure. The recently reported attacks on transport networks reveal the fact that a research gap exists between the existing solutions and the multi-layer DDoS detection strategy requirements. Additionally, the majority of the current detection methods fail in the consideration of traffic heterogeneity and are not rate-adaptive, where both the mentioned parameters are important for an effective detection system. In this paper, we introduce a comprehensive ML-based Network Intrusion Detection System (NIDS) against DDoS attacks in vehicular networks. Our proposed NIDS combines a three-tier security model, traffic adaptivity, and heterogeneity traffic provisions. We call our model Vehicular Adaptive Intrusion Detection And Novel System for Heterogeneous Hosts (VAIDANSHH). As mentioned earlier, VAIDANSHH has a three-tier security system: at RSU's hardware, communication channel, and RSU application level. VAIDANSHH combines the Adaptive Alarming Module (AAM) and the Detection Module (DM) for data generation, collection of generated data, flow monitoring, pre-processing, and classification. We use the NS3 simulation tool for our experiments to generate synthetic data and apply ML with WEKA. We run a thorough set of experiments, which show that VAIDANSHH detects UDP flooding, a form of DDoS attack, with 99.9% accuracy within a very short time. We compare VAIDANSHH with other state-of-the-art models; the comparative analysis shows that VAIDANSHH is superior in terms of accuracy and its multi-tier workflow.

@en

Cyber attackers leverage malware to infiltrate systems, steal sensitive data, and extort victims, posing a significant cybersecurity threat. Security experts address this challenge by employing machine learning and deep learning approaches to detect malware precisely, using static, dynamic, or hybrid methodologies. They visualize malware to identify patterns, behaviors, and common features across different malware families. Various methods and tools are used for malware visualization to represent different aspects of malware behavior, characteristics, and relationships. This article evaluates the effectiveness of visualization techniques in detecting and classifying malware. We methodically categorize studies based on their approach to information retrieval, visualization, feature extraction, classification, and evaluation, allowing for an in-depth review of cutting-edge methods. This analysis identifies key challenges in visualization-based techniques and sheds light on the field's progress and future possibilities. Our thorough analysis can provide valuable insights to researchers, helping them establish optimal practices for selecting suitable visualizations based on the specific characteristics of the analyzed malware.

@en

Autonomous driving is a research direction that has gained enormous traction in the last few years thanks to advancements in Artificial Intelligence (AI). Depending on the level of independence from the human driver, several studies show that Autonomous Vehicles (AVs) can reduce the number of on-road crashes and decrease overall fuel emissions by improving efficiency. However, security research on this topic is mixed and presents some gaps. On one hand, these studies often neglect the intrinsic vulnerabilities of AI algorithms, which are known to compromise the security of these systems. On the other, the most prevalent attacks towards AI rely on unrealistic assumptions, such as access to the model parameters or the training dataset. As such, it is unclear if autonomous driving can still claim several advantages over human driving in real-world applications. This paper evaluates the inherent risks in autonomous driving by examining the current landscape of AV sand establishing a pragmatic threat model. Through our analysis, we develop specific claims highlighting the delicate balance between the advantages of AVs and potential security challenges in real-world scenarios. Our evaluation serves as a foundation for providing essential takeaway messages, guiding both researchers and practitioners at various stages of the automation pipeline. In doing so, we contribute valuable insights to advance the discourse on the security and viability of autonomous driving in real-world applications.@en

Access control (AC) is an important security parameter in industrial networks; a mismanaged AC system leads to security breaches. The existing security solutions significantly consider the AC methods in the Industrial Internet of Things (IIoT); however, falsified identity can bypass the secure AC system. Thus, a centralized AC method leads to risks for data security. We are the first to address the risk factors of granted access in an industrial environment and present a risk-adaptive AC framework for IIoT. Our proposed solution framework uses blockchain to provide secure decentralized AC in the industrial environment with privacy-preserved multiparty data sharing. We name our framework 'adaptive AC for multiparty data computation in industrial decentralization (AALMOND).' AALMOND uses lightweight cryptographic operations to reduce the complexity of the execution and loosen up the tight bounds on resource-constrained industrial devices. Further, the risk-adaptive AC in AALMOND provides a better security analysis of the multiparty sharing data. Our framework uses role-based, attribute-based, and organization-based ACs to map the assets for risk calculation. We put all the required policies in a smart contract for the ease of multiparty data sharing to obtain a transparent AC execution more suitably. We also pioneer in the calculation of the risk adaptivity of AALMOND considering the National Institute of Standards and Technology recommendations of operation risk, security risk, and heuristic risk. We measure the performance of AALMOND with state-of-the-art frameworks based on throughput, latency, complexity analysis, and risk adaptivity factors. We find that AALMOND is efficient for IIoT as it shows 24% reduced latency and 20% better throughput as compared to the other existing models.

@en

Electric Vehicles (EVs) represent a green alternative to traditional fuel-powered vehicles. To enforce their widespread use, both the technical development and the security of users shall be guaranteed. Users' privacy represents a possible threat that impairs the adoption of EVs. In particular, recent works showed the feasibility of identifying EVs based on the current exchanged during the charging phase. In fact, while the resource negotiation phase runs over secure communication protocols, the signal exchanged during the actual charging contains features peculiar to each EV. In what is commonly known as profiling, a suitable feature extractor can associate such features to each EV.In this article, we propose EVScout2.0, an extended and improved version of our previously proposed framework to profile EVs based on their charging behavior. By exploiting the current and pilot signals exchanged during the charging phase, our scheme can extract features peculiar for each EV, hence allowing their profiling. We implemented and tested EVScout2.0 over a set of real-world measurements considering over 7,500 charging sessions from a total of 137 EVs. In particular, numerical results show the superiority of EVScout2.0 with respect to the previous version. EVScout2.0 can profile EVs, attaining a maximum of 0.88 for both recall and precision scores in the case of a balanced dataset. To the best of the authors' knowledge, these results set a new benchmark for upcoming privacy research for large datasets of EVs.

@en