Search Results (57)

Search Parameters:
Keywords = exfiltration

28 pages, 2139 KiB  
Article
An Improved Approach to DNS Covert Channel Detection Based on DBM-ENSec
by Xinyu Li, Xiaoying Wang, Guoqing Yang, Jinsha Zhang, Chunhui Li, Fangfang Cui and Ruize Gu
Future Internet 2025, 17(7), 319; https://doi.org/10.3390/fi17070319 - 21 Jul 2025
Viewed by 142
Abstract
The covert nature of DNS covert channels makes them a widely utilized method for data exfiltration by malicious attackers. In response to this challenge, the present study proposes a detection methodology for DNS covert channels that employs a Deep Boltzmann Machine with Enhanced Security (DBM-ENSec). This approach entails the creation of a dataset through the collection of malicious traffic associated with various DNS covert channel attacks. Time-dependent grouping features are excluded, and feature optimization is conducted on individual traffic data through feature selection and normalization to minimize redundancy, enhancing the differentiation and stability of the features. The result of this process is the extraction of 23-dimensional features for each DNS packet. The extracted features are converted to gray scale images to improve the interpretability of the model and then fed into an improved Deep Boltzmann Machine for further optimization. The optimized features are then processed by an ensemble of classifiers (including Random Forest, XGBoost, LightGBM, and CatBoost) for detection purposes. Experimental results show that the proposed method achieves 99.92% accuracy in detecting DNS covert channels, with a validation accuracy of up to 98.52% on publicly available datasets. Full article
(This article belongs to the Section Cybersecurity)

35 pages, 2073 KiB  
Review
Using the Zero Trust Five-Step Implementation Process with Smart Environments: State-of-the-Art Review and Future Directions
by Shruti Kulkarni, Alexios Mylonas and Stilianos Vidalis
Future Internet 2025, 17(7), 313; https://doi.org/10.3390/fi17070313 - 18 Jul 2025
Viewed by 277
Abstract
There is a growing pressure on industry to secure environments and demonstrate their commitment in taking right steps to secure their products. This is because of the growing number of security compromises in the IT industry, Operational Technology environment, Internet of Things environment and smart home devices. These compromises are not just about data breaches or data exfiltration, but also about unauthorised access to devices that are not configured correctly and vulnerabilities in software components, which usually lead to insecure authentication and authorisation. Incorrect configurations are usually in the form of devices being made available on the Internet (public domain), reusable credentials, access granted without verifying the requestor, and easily available credentials like default credentials. Organisations seeking to address the dual pressure of demonstrating steps in the right direction and addressing unauthorised access to resources can find a viable approach in the form of the zero trust concept. Zero trust principles are about moving security controls closer to the data, applications, assets and services and are based on the principle of “never trust, always verify”. As it stands today, zero trust research has advanced far beyond the concept of “never trust, always verify”. This paper provides the culmination of a literature review of research conducted in the space of smart home devices and IoT and the applicability of the zero trust five-step implementation process to secure them. We discuss the history of zero trust, the tenets of zero trust, the five-step implementation process for zero trust, and its adoption for smart home devices and Internet of Things, and we provide suggestions for future research. Full article

15 pages, 1351 KiB  
Article
A Machine Learning-Based Detection for Parameter Tampering Vulnerabilities in Web Applications Using BERT Embeddings
by Sun Young Yun and Nam-Wook Cho
Symmetry 2025, 17(7), 985; https://doi.org/10.3390/sym17070985 - 22 Jun 2025
Viewed by 558
Abstract
The widespread adoption of web applications has led to a significant increase in the number of automated cyberattacks. Parameter tampering attacks pose a substantial security threat, enabling privilege escalation and unauthorized data exfiltration. Traditional pattern-based detection tools exhibit limited efficacy against such threats, as identical parameters may produce varying response patterns contingent on their processing context, including security filtering mechanisms. This study proposes a machine learning-based detection model to address these limitations by identifying parameter tampering vulnerabilities through a contextual analysis. The training dataset aggregates real-world vulnerability cases collected from web crawls, public vulnerability databases, and penetration testing reports. The Synthetic Minority Over-sampling Technique (SMOTE) was employed to address the data imbalance during training. Recall was adopted as the primary evaluation metric to prioritize the detection of true vulnerabilities. Comparative analysis showed that the XGBoost model demonstrated superior performance and was selected as the detection model. Validation was performed using web URLs with known parameter tampering vulnerabilities, achieving a detection rate of 73.3%, outperforming existing open-source automated tools. The proposed model enhances vulnerability detection by incorporating semantic representations of parameters and their values using BERT embeddings, enabling the system to learn contextual characteristics beyond the capabilities of pattern-based methods. These findings suggest the potential of the proposed method for scalable, efficient, and automated security diagnostics in large-scale web environments. Full article
(This article belongs to the Section Computer)

28 pages, 4438 KiB  
Article
A Cybersecurity Risk Assessment for Enhanced Security in Virtual Reality
by Rebecca Acheampong, Dorin-Mircea Popovici, Titus C. Balan, Alexandre Rekeraho and Ionut-Alexandru Oprea
Information 2025, 16(6), 430; https://doi.org/10.3390/info16060430 - 23 May 2025
Viewed by 943
Abstract
Our society is becoming increasingly dependent on technology, with immersive virtual worlds such as Extended Reality (XR) transforming how we connect and interact. XR technologies enhance communication and operational efficiency. They have been adopted in sectors such as manufacturing, education, and healthcare. However, the immersive and interconnected nature of XR introduces security risks that span from technical and human to psychological vulnerabilities. In this study, we examined security threats in XR environments through a scenario-driven risk assessment, using a hybrid approach combining Common Vulnerability Scoring System (CVSS) metrics and a custom likelihood model to quantify risks. This methodology provides a comprehensive risk evaluation method, identifying critical vulnerabilities such as Remote Code Execution (RCE), social engineering, excessive permission exploitation, unauthorized access, and data exfiltration. The findings reveal that human vulnerabilities, including users’ susceptibility to deception and excessive trust in familiar interfaces and system prompts, significantly increase attack success rates. Additionally, developer mode, once enabled, remains continuously active, and the lack of authentication requirements for installing applications from unknown sources, coupled with poor permission management on the part of the users, creates security gaps that attackers can exploit. Furthermore, permission management in XR devices is often broad and persistent and lacks real-time notifications, allowing malicious applications to exploit microphone, camera, and location access without the users knowing. By leveraging CVSS scores and a structured likelihood-based risk assessment, we quantified the severity of these threats, with RCE, social engineering, and insecure app installation emerging as the greatest risks. 
This study highlights the necessity of implementing granular permission controls, formalized developer mode restrictions, and structured user education programs to mitigate XR-specific threats. Full article
(This article belongs to the Special Issue Extended Reality and Cybersecurity)

25 pages, 4755 KiB  
Article
Detecting Personally Identifiable Information Through Natural Language Processing: A Step Forward
by Luca Mainetti and Andrea Elia
Appl. Syst. Innov. 2025, 8(2), 55; https://doi.org/10.3390/asi8020055 - 18 Apr 2025
Cited by 1 | Viewed by 1724
Abstract
The protection of personally identifiable information (PII) is being increasingly demanded by customers and governments via data protection regulations. Private and public organizations store and exchange through the Internet a large amount of data that include the personal information of users, employees, and customers. While discovering PII from a large unstructured text corpus is still challenging, a lot of research work has focused on identifying methods and tools for the detection of PII in real-time scenarios and the ability to discover data exfiltration attacks. In those research attempts, natural language processing (NLP)-based schemas are widely adopted. Our work combines NLP with deep learning to identify PII in unstructured texts. NLP is used to extract semantic information and the syntactic structure of the text. This information is then processed by a pre-trained Bidirectional Encoder Representations from Transformers (BERT) algorithm. We achieved high performance in detecting PII, reaching an accuracy of 99.558%. This represents an improvement of 7.47 percentage points over the current state-of-the-art model that we analyzed. However, the experimental results show that there is still room for improvement to obtain better accuracy in detecting PII, including working on a new, balanced, and higher-quality training dataset for pre-trained models. Our study contributions encourage researchers to enhance NLP-based PII detection models and practitioners to transform those models into privacy detection tools to be deployed in security operation centers. Full article

24 pages, 734 KiB  
Article
Transparency Unleashed: Privacy Risks in the Age of E-Government
by Cristian Paguay-Chimarro, David Cevallos-Salas, Ana Rodríguez-Hoyos and José Estrada-Jiménez
Informatics 2025, 12(2), 39; https://doi.org/10.3390/informatics12020039 - 11 Apr 2025
Cited by 1 | Viewed by 1669
Abstract
E-government and transparency are significantly improving public service management by encouraging trust, accountability, and the massive participation of citizens. On the one hand, e-government has facilitated online services to address bureaucratic processes more efficiently. On the other hand, transparency has promoted open access to public information from the State so that citizens can understand and track aspects of government processes more effectively. However, as both require extensive citizen information management, these initiatives may significantly compromise privacy by exposing personal data. To assess these privacy risks in a concrete scenario, we analyzed 21 public institutions in Ecuador through a proposed taxonomy of 6 categories and 17 subcategories of disclosed personal data on their online portals and websites due to LOTAIP transparency initiative. Moreover, 64 open-access systems from these 21 public institutions that accomplish e-government principles were analyzed through a proposed taxonomy of 8 categories and 77 subcategories of disclosed personal data. Our results suggest that personal data are not handled through suitable protection mechanisms, making them extremely vulnerable to manual and automated exfiltration attacks. The lack of awareness campaigns in Ecuador has also led many citizens to handle their personal data carelessly without being aware of the associated risks. Moreover, Ecuadorian citizens’ privacy is significantly compromised, including personal data from children and teenagers being intentionally exposed through e-government and transparency initiatives. Full article
(This article belongs to the Section Social Informatics and Digital Humanities)

17 pages, 2531 KiB  
Article
New Data on the Use of Oligochaete Communities for Assessing the Impacts of Wastewater Treatment Plant Effluents on Receiving Streams
by Régis Vivien and Benoît J. D. Ferrari
Water 2025, 17(5), 724; https://doi.org/10.3390/w17050724 - 1 Mar 2025
Viewed by 756
Abstract
Negative impacts of human activities on stream ecosystems include the reduction/modification of the connectivity between surface water and groundwater and the contamination of these resources. Vertical hydrological exchanges principally occur through the coarse surface sediments and the hyporheic zone (porous matrix) and these compartments have the property to store pollutants. Such hydrological exchanges participate in the self-purification of the stream and infiltration of polluted surface water can lead to the contamination of groundwater. A complete environmental monitoring program should therefore include the assessment of the biological quality of the porous matrix and of the dynamics of vertical hydrological exchanges. The Functional trait (FTR) method based on the study of oligochaete communities in the coarse surface sediments and the hyporheic zone, allows simultaneous assessment of the effects of pollutants present in these compartments and the dynamics of vertical hydrological exchanges. Here, we applied the FTR method upstream and downstream of the effluents of three different wastewater treatment plants (WWTPs) whose discharges were significantly polluted, and for one of them (Oberglatt), before and after its upgrading. We could clearly observe negative effects of the effluents of each of these WWTPs on oligochaete communities and the Oberglatt WWTP upgrading resulted, compared to the state before the upgrading, in a significant reduction of the polluted sludge effect at the downstream site of the effluent. In addition, the method allowed us to identify several sites where the stream had a high capacity to self-purify (through exfiltration of groundwater) and other sites where groundwater was vulnerable to pollution by surface water. Full article
(This article belongs to the Special Issue Impact of Environmental Factors on Aquatic Ecosystem)

26 pages, 4448 KiB  
Article
Leveraging Neural Trojan Side-Channels for Output Exfiltration
by Vincent Meyers, Michael Hefenbrock, Dennis Gnad and Mehdi Tahoori
Cryptography 2025, 9(1), 5; https://doi.org/10.3390/cryptography9010005 - 7 Jan 2025
Viewed by 1272
Abstract
Neural networks have become pivotal in advancing applications across various domains, including healthcare, finance, surveillance, and autonomous systems. To achieve low latency and high efficiency, field-programmable gate arrays (FPGAs) are increasingly being employed as accelerators for neural network inference in cloud and edge devices. However, the rising costs and complexity of neural network training have led to the widespread use of outsourcing of training, pre-trained models, and machine learning services, raising significant concerns about security and trust. Specifically, malicious actors may embed neural Trojans within NNs, exploiting them to leak sensitive data through side-channel analysis. This paper builds upon our prior work, where we demonstrated the feasibility of embedding Trojan side-channels in neural network weights, enabling the extraction of classification results via remote power side-channel attacks. In this expanded study, we introduced a broader range of experiments to evaluate the robustness and effectiveness of this attack vector. We detail a novel training methodology that enhanced the correlation between power consumption and network output, achieving up to a 33% improvement in reconstruction accuracy over benign models. Our approach eliminates the need for additional hardware, making it stealthier and more resistant to conventional hardware Trojan detection methods. We provide comprehensive analyses of attack scenarios in both controlled and variable environmental conditions, demonstrating the scalability and adaptability of our technique across diverse neural network architectures, such as MLPs and CNNs. Additionally, we explore countermeasures and discuss their implications for the design of secure neural network accelerators. To the best of our knowledge, this work is the first to present a passive output recovery attack on neural network accelerators, without explicit trigger mechanisms. 
The findings emphasize the urgent need to integrate hardware-aware security protocols in the development and deployment of neural network accelerators. Full article
(This article belongs to the Special Issue Emerging Topics in Hardware Security)

15 pages, 3243 KiB  
Review
A Review of Large Language Models in Healthcare: Taxonomy, Threats, Vulnerabilities, and Framework
by Rida Hamid and Sarfraz Brohi
Big Data Cogn. Comput. 2024, 8(11), 161; https://doi.org/10.3390/bdcc8110161 - 18 Nov 2024
Cited by 5 | Viewed by 3571
Abstract
Due to the widespread acceptance of ChatGPT, implementing large language models (LLMs) in real-world applications has become an important research area. Such productisation of technologies allows the public to use AI without technical knowledge. LLMs can revolutionise and automate various healthcare processes, but security is critical. If implemented in critical sectors such as healthcare, adversaries can manipulate the vulnerabilities present in such systems to perform malicious activities such as data exfiltration and manipulation, and the results can be devastating. While LLM implementation in healthcare has been discussed in numerous studies, threats and vulnerabilities identification in LLMs and their safe implementation in healthcare remain largely unexplored. Based on a comprehensive review, this study provides new findings which do not exist in the current literature. This research has proposed a taxonomy to explore LLM applications in healthcare, a threat model considering the vulnerabilities of LLMs which may affect their implementation in healthcare, and a security framework for the implementation of LLMs in healthcare and has identified future avenues of research in LLMs, cybersecurity, and healthcare. Full article
(This article belongs to the Special Issue Generative AI and Large Language Models)

22 pages, 9161 KiB  
Article
Modeling Three-Dimensional Exfiltration Rates from Permeable Street Stormwater Inlets as One-Dimensional Water Flux in Urban Hydrological Models
by Ryuga Iinuma, Shigeki Harada and Nana Yamauchi
Water 2024, 16(21), 3076; https://doi.org/10.3390/w16213076 - 27 Oct 2024
Viewed by 1069
Abstract
Climate change has increased the intensity and frequency of weather systems, increasing the risk of inundation in urban areas. To mitigate these risks, not only rivers but also entire catchments need to be managed, and the use of infiltration and retention units needs to be expanded. The ability to evaluate the effects of promoting infiltration and retention in catchments using distributed hydrological models, clarify the three-dimensional behavior of exfiltration from catchments into natural base soils, and parameterize this flow as a one-dimensional hypothetical water flux is essential. Using VGFlow2D (Forum8) and field observations, numerical analyses were conducted to parametrize the flux and assess the features of q/Ks values, representing the volume of three-dimensional water exfiltration from stormwater inlet bases into natural soils relative to the saturated hydraulic conductivity (Ks) of the soils. The findings were integrated into the hydrological model Infoworks ICM (Innovyze) by adding a single parameter, the “exfiltration loss rate”, to each inlet without increasing computational demands. The obtained q/Ks values were compared to previously reported values, and variations were evaluated using infiltration theory. Full article
(This article belongs to the Special Issue Urban Flood Frequency Analysis and Risk Assessment)

20 pages, 6650 KiB  
Article
Bit Sufi-Dance: Covert Data Exfiltration from Air-Gapped Networks via Electricity Meter
by Yongyu Liang, Hong Shan, Zetao Liu and Chengxi Xu
Electronics 2024, 13(21), 4198; https://doi.org/10.3390/electronics13214198 - 25 Oct 2024
Viewed by 1721
Abstract
To protect important data and files, people often use air gap isolation, also known as air gap separation, to block external threats. However, internal networks may still introduce pollution due to supply chain contamination, human error, or social engineering. Although internal devices cannot directly communicate with the outside world. This paper proposes a new technology called Bit Sufi-Dance that utilizes electricity meters and optical devices to detect exfiltrated data. Most electricity meters have power indicator mechanical turntables or LED lights which can be indirectly controlled by the device’s power consumption oscillation. This allows for information encoding and the extraction of data from the air-gapped computer. It is important to note that this exfiltration channel does not require any hardware or firmware modifications and cannot be detected by existing Data Leakage Prevention (DLP) systems. The article discusses its design and implementation issues while evaluating it using different types of electricity meters. Our experiment demonstrates that data can be exfiltrated from the air-gap isolated computer through an electricity meter at a bit rate of 101 b/h. Finally, we assess this security threat and discuss defense mechanisms and preventive measures. Full article
(This article belongs to the Special Issue New Challenges in Cyber Security)

17 pages, 5351 KiB  
Article
HydraulicBridge: Covert Signaling Channel between Air-Gapped Systems Using Hydraulic-Pressure Fluctuations
by Yongyu Liang, Hong Shan, Jun Zhao, Canju Lu and Guozheng Yang
Electronics 2024, 13(15), 3010; https://doi.org/10.3390/electronics13153010 - 30 Jul 2024
Viewed by 1590
Abstract
To protect critical computing systems from network attacks, modern enterprises typically employ physical isolation measures to disconnect them from open networks such as the Internet. However, attackers can still infiltrate these closed networks through internal employees or supply chain vulnerabilities. This presents the primary challenge that attackers face: how to effectively manage and manipulate infected devices that are isolated from the external network. In this paper, we propose a new covert communication technology called HydraulicBridge, which demonstrates how air gap networks can communicate through covert water pressure-fluctuation channels. Specifically, we demonstrate how water pressure from water pipes can be used to communicate with infected hosts within an air gap network. Additionally, we provide experimental results demonstrating the feasibility of covert channels and test the communication speed in the experimental environment. Finally, we offer a forensic analysis and propose various methods for detecting and blocking this channel. We believe that this study provides a comprehensive introduction to previously unseen attack vectors that security experts should be aware of. Full article
(This article belongs to the Special Issue New Challenges in Cyber Security)

21 pages, 3905 KiB  
Article
Data Governance to Counter Hybrid Threats against Critical Infrastructures
by Gabriel Pestana and Souzanna Sofou
Smart Cities 2024, 7(4), 1857-1877; https://doi.org/10.3390/smartcities7040072 - 22 Jul 2024
Cited by 7 | Viewed by 2570
Abstract
Hybrid threats exploit vulnerabilities in digital infrastructures, posing significant challenges to democratic countries and the resilience of critical infrastructures (CIs). This study explores integrating data governance with business process management in response actions to hybrid attacks, particularly those targeting CI vulnerabilities. This research analyzes hybrid threats as a multidimensional and time-dependent problem. Using the Business Process Model and Notation, this investigation explores data governance to counter CI-related hybrid threats. It illustrates the informational workflow and context awareness necessary for informed decision making in a cross-border hybrid threat scenario. An airport example demonstrates the proposed approach’s efficacy in ensuring stakeholder coordination for potential CI attacks requiring cross-border decision making. This study emphasizes the importance of the information security lifecycle in protecting digital assets and sensitive information through detection, prevention, response, and knowledge management. It advocates proactive strategies like implementing security policies, intrusion detection software tools, and IT services. Integrating Infosec with the methodology of confidentiality, integrity, and availability, especially in the response phase, is essential for a proactive Infosec approach, ensuring a swift stakeholder response and effective incident mitigation. Effective data governance protects sensitive information and provides reliable digital data in CIs like airports. Implementing robust frameworks enhances resilience against hybrid threats, establishes trusted information exchange, and promotes stakeholder collaboration for an emergency response. Integrating data governance with Infosec strengthens security measures, enabling proactive monitoring, mitigating threats, and safeguarding CIs from cyber-attacks and other malicious activities. Full article
(This article belongs to the Special Issue Digital Innovation and Transformation for Smart Cities)

24 pages, 9004 KiB  
Article
PowerBridge: Covert Air-Gap Exfiltration/Infiltration via Smart Plug
by Yongyu Liang, Hong Shan, Zelin Luo, Lanlan Qi and Yi Xie
Appl. Sci. 2024, 14(14), 6321; https://doi.org/10.3390/app14146321 - 19 Jul 2024
Viewed by 2436
Abstract
Power lines are commonly utilized for energy transmission, and they serve as a conduit for data exfiltration or infiltration in some specific scenarios. This paper explores the feasibility of establishing bidirectional communication between a modified plug and the equipment power line within an air-gapped network organization and with external entities. Bidirectional air-gap communication includes two scenarios, the data leak from air-gapped networks and the transmission of external data to air-gapped networks, namely, exfiltration and infiltration. In the exfiltration scenario, software in the air-gapped networks modulates and encodes data by manipulating the power consumption of the equipment during transmission, which is then sent outside through the power line. The device utilizes a smart plug power meter to record current fluctuations and subsequently decode any leaked data. In the infiltration scenario, a smart plug is used to control the power supply status of a device’s power cord, enabling data encoding and decoding by turning the power supply on and off. The software in the air-gapped equipment captures and decodes the power supply status to infiltrate. We discuss relevant literature and provide scientific background on smart plugs and power line communication. We simulate the communication scenario, propose a communication scheme, and present data modulation techniques as well as a communication transmission protocol for air-gap channels. Our evaluation of the PowerBridge air-gap channels demonstrates that data can leak from the air-gapped computer into the power line at an approximate rate of 30 bps, which can be captured by the smart plug. Additionally, it is possible for data to penetrate from the smart plug into air-gapped networks at a speed exceeding 1 bps. Full article
(This article belongs to the Topic Cyber-Physical Security for IoT Systems)

24 pages, 1027 KiB  
Article
Protecting Data at Risk of Unintentional Electromagnetic Emanation: TEMPEST Profiling
by Vladimir Antić, Danijela Protić, Miomir Stanković, Radomir Prodanović, Miodrag Manić, Gordana Ostojić, Stevan Stankovski and Denis Kučević
Appl. Sci. 2024, 14(11), 4830; https://doi.org/10.3390/app14114830 - 3 Jun 2024
Cited by 2 | Viewed by 4553
Abstract
Unintentional electromagnetic (EM) emissions often include information about the data processed by electronic devices. Intrusion based on an unintentional EM emission leaves no evidence of an attacker’s activity, while the data owner is unaware that it has been lost. EM attacks can be performed without physically damaging a device that operates regularly. The most typical intrusion activities involve sensitive data exfiltration using various methods that do not require the physical connection of devices to the computer network or communication channels. This research examines EM emissions from computer monitors, wireless keyboards and mice, printers, scanners, conductors, piezoelectric sensors (PES), and radio frequency identification (RFID) devices. The telecommunication electronics material protected from emanating spurious transmissions (TEMPEST) profiling as a performance engineering of the EM footprint is discussed. This study also presents different TEMPEST standards and highlights their importance concerning unintentional EM radiation. Full article