Remote Attack Research Articles

A simulation framework for automotive cybersecurity risk assessment

Human-initiated disruptions such as cyberattacks on connected vehicles have the potential to cause cascading failures in transport systems, leading to systemic risks. ‘ISO/SAE 21434:2021 Road vehicles - Cybersecurity engineering’ is the current standard for risk management of road vehicles. However, the threat analysis and risk assessment framework given in the standard focuses on asset-level analysis and assessment. Hence, this study develops a novel simulation-based framework to perform threat analysis and risk assessment on connected vehicles from a transport network perspective. The proposed framework is developed based on the ISO/SAE 21434 threat analysis and risk assessment methodology. We demonstrate the applicability and usefulness of the framework through a remote attack via the cellular network on the in-vehicle communication bus system of a connected vehicle to show the potential impacts on the transport network. Based on the findings of our case studies, we exemplify how cyberattacks on individual system components of a connected vehicle have the potential to cause systemic failures.

A Packet Content-Oriented Remote Code Execution Attack Payload Detection Model

In recent years, various Remote Code Execution vulnerabilities on the Internet have been exposed frequently; thus, more and more security researchers have begun to pay attention to the detection of Remote Code Execution attacks. In this paper, we focus on three kinds of common Remote Code Execution attacks: XML External Entity, Expression Language Injection, and Insecure Deserialization. We propose a packet content-oriented Remote Code Execution attack payload detection model. For the XML External Entity attack, we propose an algorithm to construct the use-definition chain of XML entities, and implement detection based on the integrity of the chain and the behavior of the chain’s tail node. For the Expression Language Injection and Insecure Deserialization attack, we extract 34 features to represent the string operation and the use of sensitive classes/methods in the code, and then train a machine learning model to implement detection. At the same time, we build a dataset to evaluate the effect of the proposed model. The evaluation results show that the model performs well in detecting XML External Entity attacks, achieving a precision of 0.85 and a recall of 0.94. Similarly, the model performs well in detecting Expression Language Injection and Insecure Deserialization attacks, achieving a precision of 0.99 and a recall of 0.88.

Physical Side-Channel Attacks against Intermittent Devices

Intermittent (batteryless) devices operate solely using energy harvested from their environment. These devices turn on when they have energy and turn off during energy scarcity. Intermittent devices have recently become increasingly popular in smart buildings, manufacturing plants, and medical implantables as they eliminate the need for battery replacement and enable green computing. Despite their growing adoption in critical applications, the privacy implications of intermittent devices remain largely unexplored. In this paper, we introduce a novel remote side-channel attack. Our observation is that the network packet frequency of an intermittent device can be exploited to learn its turn-on/off patterns. From these patterns, we can infer the energy availability of a device, which reveals privacy-sensitive information about its operating environment, e.g., the presence or absence of individuals. To realize our attack, we develop a three-stage hierarchical inference framework that leverages the timestamped network packet sequence of intermittent devices. Our framework automatically extracts a set of temporal features from inter-packet-arrival timings. It then employs a series of models to uncover (1) whether a target intermittent device is present in the environment, (2) its energy harvester type (e.g., vibration or water flow), and (3) its energy availability conditions (e.g., high-vibration or no-vibration). To validate our attack effectiveness, we conduct experiments in two environments: a smart home and a miniature manufacturing plant equipped with three intermittent devices powered by solar energy, vibration, and temperature. By analyzing their energy availability patterns, we are able to infer user activities and presence in the smart home and the robot’s movement patterns in the manufacturing plant with an average accuracy of 85%. This sensitive information enables an adversary to launch domain-specific attacks, such as burglarizing a smart home when the user is asleep or timely tampering with plant sensors to cause maximum damage.

The Impact of Network Design Interventions on the Security of Interdependent Systems

We study the problem of defending a Cyber-Physical System (CPS) consisting of interdependent components with heterogeneous sensitivity to investments. In addition to the optimal allocation of limited security resources, we analyze the impact of an orthogonal set of defense strategies in the form of network design interventions in the CPS to protect it against the attacker. We first propose an algorithm to simplify the CPS attack graph to an equivalent form which reduces the computational requirements for characterizing the defender's optimal security investments. We then evaluate four types of design interventions in the network in the form of adding nodes in the attack graph, interpreted as introducing additional safeguards, introducing structural redundancies, introducing functional redundancies, and introducing new functionalities. We identify scenarios in which interventions that strengthen internal components of the CPS may be more beneficial than traditional approaches such as perimeter defense. We showcase our proposed approach in two practical use cases: a remote attack on an industrial CPS and a remote attack on an automotive system. We highlight how our results closely match recommendations made by security organizations and discuss the implications of our findings for CPS design.

METHODS AND MEANS TO IMPROVE THE EFFICIENCY OF NETWORK TRAFFIC SECURITY MONITORING BASED ON ARTIFICIAL INTELLIGENCE

This paper aims to provide a solution for malicious network traffic detection and categorization. Remote attacks on computer systems are becoming more common and more dangerous nowadays. This is due to several factors, some of which are as follows: first of all, the usage of computer networks and network infrastructure overall is on the rise, with tools such as messengers, email, and so on. Second, alongside increased usage, the amount of sensitive information being transmitted over networks has also grown. Third, the usage of computer networks for complex systems, such as grid and cloud computing, as well as IoT and “smart” locations (e.g., “smart city”) has also seen an increase. Detecting malicious network traffic is the first step in defending against a remote attack. Historically, this was handled by a variety of algorithms, including machine learning algorithms such as clustering.
 However, these algorithms require a large amount of sample data to be effective against a given attack. This means that defending against zero‑day attacks or attacks with high variance in input data proves difficult for such algorithms. In this paper, we propose a semi‑supervised generative adversarial network (GAN) to train a discriminator model to categorize malicious traffic as well as identify malicious and non‑malicious traffic. The proposed solution consists of a GAN generator that creates tabular data representing network traffic from a remote attack and a classifier deep neural network for said traffic. The main goal is to achieve accurate categorization of malicious traffic with a few labeled examples. This can also, in theory, improve classification accuracy compared to fully supervised models. It may also improve the model’s performance against completely new types of attacks. The resulting model shows a prediction accuracy of 91 %, which is lower than a conventional deep learning model; however, this accuracy is achieved with a small sample of data (under 1000 labeled examples). As such, the results of this research may be used to improve computer system security, for example, by using dynamic firewall rule adjustments based on the results of incoming traffic classification. The proposed model was implemented and tested in the Python programming language and the TensorFlow framework. The dataset used for testing is the NSL‑KDD dataset.

Threat Modeling for Communication Security of IoT-Enabled Digital Logistics

The modernization of logistics through the use of Wireless Sensor Network (WSN) Internet of Things (IoT) devices promises great efficiencies. Sensor devices can provide real-time or near real-time condition monitoring and location tracking of assets during the shipping process, helping to detect delays, prevent loss, and stop fraud. However, the integration of low-cost WSN/IoT systems into a pre-existing industry should first consider security within the context of the application environment. In the case of logistics, the sensors are mobile, unreachable during the deployment, and accessible in potentially uncontrolled environments. The risks to the sensors include physical damage, either malicious/intentional or unintentional due to accident or the environment, or physical attack on a sensor, or remote communication attack. The easiest attack against any sensor is against its communication. The use of IoT sensors for logistics involves the deployment conditions of mobility, inaccesibility, and uncontrolled environments. Any threat analysis needs to take these factors into consideration. This paper presents a threat model focused on an IoT-enabled asset tracking/monitoring system for smart logistics. A review of the current literature shows that no current IoT threat model highlights logistics-specific IoT security threats for the shipping of critical assets. A general tracking/monitoring system architecture is presented that describes the roles of the components. A logistics-specific threat model that considers the operational challenges of sensors used in logistics, both malicious and non-malicious threats, is then given. The threat model categorizes each threat and suggests a potential countermeasure.

Investigating the Security of EV Charging Mobile Applications as an Attack Surface

The adoption rate of EVs has witnessed a significant increase in recent years driven by multiple factors, chief among which is the increased flexibility and ease of access to charging infrastructure. To improve user experience and increase system flexibility, mobile applications have been incorporated into the EV charging ecosystem. EV charging mobile applications allow consumers to remotely trigger actions on charging stations and use functionalities such as start/stop charging sessions, pay for usage, and locate charging stations, to name a few. In this article, we study the security posture of the EV charging ecosystem against a new type of remote that exploits vulnerabilities in the EV charging mobile applications as an attack surface. We leverage a combination of static and dynamic analysis techniques to analyze the security of widely used EV charging mobile applications. Our analysis was performed on 31 of the most widely used mobile applications including their interactions with various components such as cloud management systems. The attack scenarios that exploit these vulnerabilities were verified on a real-time co-simulation test bed. Our discoveries indicate the lack of user/vehicle verification and improper authorization for critical functions, which allow adversaries to remotely hijack charging sessions and launch attacks against the connected critical infrastructure. The attacks were demonstrated using the EVCS mobile applications showing the feasibility and the applicability of our attacks. Indeed, we discuss specific remote attack scenarios and their impact on EV users. More importantly, our analysis results demonstrate the feasibility of leveraging existing vulnerabilities across various EV charging mobile applications to perform wide-scale coordinated remote charging/discharging attacks against the connected critical infrastructure (e.g., power grid), with significant economical and operational implications. Finally, we propose countermeasures to secure the infrastructure and impede adversaries from performing reconnaissance and launching remote attacks using compromised accounts.

IMPLEMENTASI KEAMANAN JARINGAN MENGGUNAKAN PORT KNOCKING

Technological advancements continue to progress rapidly, allowing experts to enhance their knowledge across various industries, including health, network security, and others. PT Air Batam Hulu is a water company situated at Building A-WTP Moya Muka Kuning Jl. Letjend Supranto in Batam, responsible for managing the security of drinking water. However, the company's existing system is susceptible to data security breaches due to unauthorized hacking attempts. In addition, computer network systems face both physical and logical threats, such as Sniffer, Spoofing, Preaking, Remote Attack, Hole, Hacker, Cracker, and more. Among the current successful hacking attempts, UML sites, Malware, Trojans, Viruses, and port scanning are commonly encountered. To address security concerns, the company implements a security system called "port knocking," which involves opening or closing access to specific ports through the use of a firewall on network devices. This system works by sending certain packets or connections, including TCP, UDP, and ICMP protocols. To gain access to restricted ports, users are required to perform a "knocking" action by inputting the necessary rule beforehand. This ensures that only authorized users can access and use specific ports, enhancing data security and reducing the risk of unauthorized infiltration.

Deception Technique Using Remote Access Application

Cyber frauds increased during the lockdown period. Remote Apps like Anydesk, TeamViewer are used by fraudsters for executing malicious activity and the victim never knows what has happened. This article brings about an awareness about various tactics used by fraudsters resorting to Remote app technique. Different real time fraud cases are explored to understand the Remote App attack methodology. Customer fraud awareness index is also analyzed to check their responses towards attack simulating techniques. The purpose of the study is to educate people about Remote Access app technique and the preventive measures to avoid financial loss.

Detecting Remote Access Network Attacks Using Supervised Machine Learning Methods

Remote access technologies encrypt data to enforce policies and ensure protection. Attackers leverage such techniques to launch carefully crafted evasion attacks introducing malware and other unwanted traffic to the internal network. Traditional security controls such as anti-virus software, firewall, and intrusion detection systems (IDS) decrypt network traffic and employ signature and heuristic-based approaches for malware inspection. In the past, machine learning (ML) approaches have been proposed for specific malware detection and traffic type characterization. However, decryption introduces computational overheads and dilutes the privacy goal of encryption. The ML approaches employ limited features and are not objectively developed for remote access security. This paper presents a novel ML-based approach to encrypted remote access attack detection using a weighted random forest (W-RF) algorithm. Key features are determined using feature importance scores. Class weighing is used to address the imbalanced data distribution problem common in remote access network traffic where attacks comprise only a small proportion of network traffic. Results obtained during the evaluation of the approach on benign virtual private network (VPN) and attack network traffic datasets that comprise verified normal hosts and common attacks in real-world network traffic are presented. With recall and precision of 100%, the approach demonstrates effective performance. The results for k-fold cross-validation and receiver operating characteristic (ROC) mean area under the curve (AUC) demonstrate that the approach effectively detects attacks in encrypted remote access network traffic, successfully averting attackers and network intrusions.

Neural Network, Nonlinear-Fitting, Sliding Mode, Event-Triggered Control under Abnormal Input for Port Artificial Intelligence Transportation Robots

A new control algorithm was designed to solve the problems of actuator physical failure, remote network attack, and sudden change in trajectory curvature when a port’s artificial intelligence-based transportation robots track transportation in a freight yard. First of all, the nonlinear, redundant, saturated sliding surface was designed based on the redundant information of sliding mode control caused by the finite nature of control performance; the dynamic acceleration characteristic of super-twisted sliding mode reaching law was considered to optimize the control high frequency change caused by trajectory mutation; and an improved super-twist reaching law was designed. Then, a nonlinear factor was designed to construct a nonlinear, fault-tolerant filtering mechanism to compensate for the abnormal part of the unknown input that cannot be executed by adaptive neural network reconstruction. On this basis, the finite-time technology and parameter-event-triggered mechanism were combined to reduce the dependence on communication resources. As a result, the design underwent simulation verification to verify its effectiveness and superiority. In the comparative simulation, under a consistent probability of a network attack, the tracking accuracy of the algorithm proposed in this paper was 22.65%, 12.69% and 11.48% higher those that of the traditional algorithms.

RDS: FPGA Routing Delay Sensors for Effective Remote Power Analysis Attacks

State-of-the-art sensors for measuring FPGA voltage fluctuations are time-to-digital converters (TDCs). They allow detecting voltage fluctuations in the order of a few nanoseconds. The key building component of a TDC is a delay line, typically implemented as a chain of fast carry propagation multiplexers. In FPGAs, the fast carry chains are constrained to dedicated logic and routing, and need to be routed strictly vertically. In this work, we present an alternative approach to designing on-chip voltage sensors, in which the FPGA routing resources replace the carry logic. We present three variants of what we name a routing delay sensor (RDS): one vertically constrained, one horizontally constrained, and one free of any constraints. We perform a thorough experimental evaluation on both the Sakura-X side-channel evaluation board and the Alveo U200 datacenter card, to evaluate the performance of RDS sensors in the context of a remote power side-channel analysis attack. The results show that our best RDS implementation in most cases outperforms the TDC. On average, for breaking the full 128-bit key of an AES-128 cryptographic core, an adversary requires 35% fewer side-channel traces when using the RDS than when using the TDC. Besides making the attack more effective, given the absence of the placement and routing constraint, the RDS sensor is also easier to deploy.

Mobile Device Security Evaluation using Reverse TCP Method

Security evaluation on Android devices is critical so that users of the operating system are protected from malware attacks such as remote access trojans that can steal users' credential data. Remote access trojan (RAT) attacks can be anticipated by detecting vulnerabilities in applications and systems. This study simulates a remote access trojan attack by exploiting it until the Attacker gains full access to the victim's device. The episode is carried out with several steps: creating a payload, installing applications to the victim's device, connecting listeners, and performing exploits to retrieve important information on the victim's device. Test material using Android 12, problems occurred when trying to install the application because a harmful warning will appear from Play Protect due to not using the latest version of privacy protection which causes the application to be indicated as malware and the like. On Android 11, the application injected with the backdoor was successfully installed on the device and successfully accessed by the attacker. Attackers also get vital information, including system information, contacts, call logs, messages, and full access to the victim's device system directory. Based on this research, it is expected that Android device users constantly update the Android version on the device they are using.

Pengembangan Perangkat Lunak Untuk Deteksi DDoS Berbasis Neural Network

System security issues are a vital factor that needs to be considered in the operation of systems and networks, which will later be used for disaster mitigation and preventing attacks on the network. Distributed Denial of Services (DDoS) is a form of attack carried out by individuals or groups to damage data through servers or malware in the form of flooding packets, therefore it can paralyze the network system used. Network security is a factor that must be maintained and considered in an information system. DDoS can take the form of Ping of Death, flood, Remote control attack, User Data Protocol (UDP) flood, and Smurf Attack. This study aims to develop software to detect DDoS attacks based on network traffic logs. The software has been tested and run according to the neural network algorithm. This software was developed with an interface that makes it easier for users to detect the source IP whether the IP is carrying out a DDoS attack or normal.

ZeroCross: A sidechain-based privacy-preserving Cross-chain solution for Monero

Sidechain-based Cross-chain exchange protocols enable payers to exchange cryptocurrencies among different blockchains via a sidechain. Many efforts, such as P2DEX (ACNS' 21), have been proposed to enhance cross-chain exchange privacy protection. However, existing sidechain-based cross-chain solutions for Monero on privacy concerns have limitations: requiring multiple pairs of parties paying simultaneously or fixed transaction amounts. This paper proposes ZeroCross, a novel privacy-preserving sidechain-based scheme that guarantees transaction unlinkability, exchanging fairness, and value confidentiality. ZeroCross designs: (i) a key exchange mechanism that guarantees exchanging fairness and (ii) a verification mechanism that utilizes CP-SNARK to ensure the transaction is confirmed without revealing the details of transactions. In addition, we discuss the influence of the remote side-channel attack in cross-chain exchange and the defence strategy. Finally, we prove the privacy and security of ZeroCross under the Universal Composability (UC) framework and evaluate the practical performance on computation and communication costs.

Maya: Using Formal Control to Obfuscate Power Side Channels

The security of computers is at risk because of information leaking through their power consumption. Attackers can use advanced signal measurement and analysis to recover sensitive data from this side channel. To address this problem, this article presents Maya, a simple and effective defense against power side channels. The idea is to use formal control to re-shape the power dissipated by a computer in an application-transparent manner—preventing attackers from learning any information about the applications that are running. With formal control, a controller can reliably keep power consumption close to a desired target function even when runtime conditions change unpredictably. By selecting the target function intelligently, the controller can make power to follow any desired shape, appearing to carry activity information which, in reality, is unrelated to the application. Maya can be implemented in privileged software, firmware and hardware. We implement Maya on three machines using only privileged threads against machine learning based attacks, and show its effectiveness and ease of deployment. Maya has already thwarted a newly developed remote power attack.

Extracting Behavior Identification Features for Monitoring and Managing Speech-Dependent Smart Mental Illness Healthcare Systems.

Speech is one of the major communication tools to share information among people. This exchange method has a complicated construction consisting of not the best imparting of voice but additionally consisting of the transmission of many-speaker unique information. The most important aim of this research is to extract individual features through the speech-dependent health monitoring and management system; through this system, the speech data can be collected from a remote location and can be accessed. The experimental analysis shows that the proposed model has a good efficiency. Consequently, in the last 5 years, many researchers from this domain come in front to explore various aspects of speech which includes speech analysis using mechanical signs, human system interaction, speaker, and speech identification. Speech is a biometric that combines physiological and behavioural characteristics. Especially beneficial for remote attack transactions over telecommunication networks, the medical information of each person is quite a challenge, e.g., like COVID-19 where the medical team has to identify each person in a particular region that how many people got affected by some disease and took a quick measure to get protected from such diseases and what are the safety measure required. Presently, this task is the most challenging one for researchers. Therefore, speech-based mechanisms might be useful for tracking his/her voice quality or throat getting affected. By collecting the database of people matched and comparing with his/her original database, it can be identified in such scenarios. This provides the better management system without touching and maintains a safe distance data that can be gathered and processed for further medical treatment. Many research studies have been done but speech-dependent approach is quite less and it requires more work to provide such a smart system in society, and it may be possible to reduce the chances to come into contact with viral effected people in the future and protect society for the same.

Noise-Free Security Assessment of Eviction Set Construction Algorithms with Randomized Caches

Cache timing attacks, i.e., a class of remote side-channel attack, have become very popular in recent years. Eviction set construction is a common step for many such attacks, and algorithms for building them are evolving rapidly. On the other hand, countermeasures are also being actively researched and developed. However, most countermeasures have been designed to secure last-level caches and few of them actually protect the entire memory hierarchy. Cache randomization is a well-known mitigation technique against cache attacks that has a low-performance overhead. In this study, we attempted to determine whether address randomization on first-level caches is worth considering from a security perspective. In this paper, we present the implementation of a noise-free cache simulation framework that enables the analysis of the behavior of eviction set construction algorithms. We show that randomization at the first level of caches (L1) brings about improvements in security but is not sufficient to mitigate all known algorithms, such as the recently developed Prime–Prune–Probe technique. Nevertheless, we show that L1 randomization can be combined with a lightweight random eviction technique in higher-level caches to mitigate known conflict-based cache attacks.

Protection against remote desktop attacks

This paper overviews the most common malicious software types. The motivationof writing this paper was a real wordcase studythat had to be investigated. Acomputer was suspected to have had an unwanted remote desktop connection attack. This paper presents how to investigatethe event log artifacts. For the unfortunate case when such an attack is proved to have happened, the second part of the article describes a method that allows the system administrator to detect brute force attacks through the remote desktop connection. When such an attack was revealed, the attacker’s IP address can be blacklisted.

IMPLEMENTASI APLIKASI SOFTWARE NATURAL NETWORK MENDETEKSI TINGKATAN SERANGAN DDOS PADA JARINGAN KOMPUTER

Security issues of a system are factors that need to be considered in the operation of information systems, which are intended to prevent threats to the system and detect and correct any damage to the system. Distributed Denial of Services (DDOS) is a form of attack carried out by someone, individuals or groups to damage data that can be attacked through a server or malware in the form of packages that damage the network system used. Security is a mandatory thing in a network to avoid damage to the data system or loss of data from bad people or heckers. Packages sent in the form of malware that attacks, causing bandwidth hit continuously. Network security is a factor that must be maintained and considered in an information system. Ddos forms are Ping of Death, flooding, Remote controled attack, UDP flood, and Smurf Attack. The goal is to use DDOS to protect or prevent system threats and improve damaged systems. Computer network security is very important in maintaining the security of data in the form of small data or large data used by the user.