Search Results (6)

Search Parameters:
Keywords = log injection vulnerabilities

32 pages, 6150 KB  
Article
A Hybrid Digital-Twin-Based Testbed for Real-Time Manipulation of PROFINET I/O: A Practical Man-in-the-Middle Attack Implementation
by Juan V. Martín-Fraile, Jesús E. Sierra García, Nuño Basurto and Álvaro Herrero
Appl. Sci. 2026, 16(7), 3533; https://doi.org/10.3390/app16073533 - 3 Apr 2026
Viewed by 440
Abstract
This study presents a practical methodology for executing Man-in-the-Middle (MitM) attacks on industrial control systems that utilize PROFINET I/O—a communication layer that remains largely underexplored in ICS cybersecurity research. A hybrid digital-twin-based testbed is developed by integrating Siemens S7-1500 and S7-1200 PLCs with a process replica implemented in PCSimu, together with a malicious application that modifies specific process data before it is delivered through the PROFINET I/O channel, enabling controlled falsification of process information in real time. The attacker operates through a Modbus TCP control channel while injecting the manipulated values into the 40-byte Real-Time Class 1 (RTC1) cyclic process-data payload while preserving frame integrity and protocol-level validity indicators. Experimental results show that SDU-level modifications on the 2-ms RTC1 cycle produced deterministic and fully reproducible effects on PLC-level behavior, including forced actuator confirmations and falsified process states, demonstrating the feasibility of both DI- and DO-level manipulation scenarios. Network captures and MSSQL-based event logs provide bit-level correlation between the injected SDU modifications and their impact on the automation sequence, confirming the reliability of the proposed manipulation mechanism. The testbed also supports the systematic generation of labeled datasets for training and evaluating machine-learning-based intrusion and anomaly-detection methods, and offers direct applicability to research, education, and operator-training activities in industrial cybersecurity. Overall, the proposed platform offers a secure, reproducible, and practically applicable environment for vulnerability assessment, attack simulation, and the development of detection techniques in industrial PROFINET networks. Full article

17 pages, 1285 KB  
Article
PD-PAn: Prefix- and Distribution-Preserving Internet of Things Traffic Anonymization
by Xiaodan Gu and Kai Dong
Electronics 2023, 12(20), 4369; https://doi.org/10.3390/electronics12204369 - 21 Oct 2023
Cited by 2 | Viewed by 1947
Abstract
One of the features of network traffic in Internet of Things (IoT) environments is that various IoT devices periodically communicate with their vendor services by sending and receiving packets with unique characteristics through private protocols. This paper investigates semantic attacks in IoT environments. An IoT semantic attack is active, covert, and more dangerous in comparison with traditional semantic attacks. A compromised IoT server actively establishes and maintains a communication channel with its device, and covertly injects fingerprints into the communicated packets. Most importantly, this server not only de-anonymizes other IPs, but also infers the machine states of other devices (IPs). Traditional traffic anonymization techniques, e.g., Crypto-PAn and Multi-View, either cannot ensure data utility or are vulnerable to semantic attacks. To address this problem, this paper proposes a prefix- and distribution-preserving traffic anonymization method named PD-PAn, which generates multiple anonymized views of the original traffic log to defend against semantic attacks. The prefix relationship is preserved in the real view to ensure data utility, while the IP distribution characteristic is preserved in all the views to ensure privacy. Intensive experiments verify the vulnerability of the state-of-the-art techniques and effectiveness of PD-PAn. Full article
(This article belongs to the Special Issue Privacy and Security for IoT Devices)

19 pages, 551 KB  
Article
LogInjector: Detecting Web Application Log Injection Vulnerabilities
by Zulie Pan, Yu Chen, Yuanchao Chen, Yi Shen and Yang Li
Appl. Sci. 2022, 12(15), 7681; https://doi.org/10.3390/app12157681 - 30 Jul 2022
Cited by 5 | Viewed by 3797
Abstract
Web applications widely use the logging functionality, but improper handling can bring serious security threats. An attacker can trigger the execution of malicious data by writing malicious data to the web application logs and then accessing the view–logs interface, resulting in a vulnerability of the web application log injection. However, detecting this type of vulnerability requires automatic discovery of log-injectable interfaces and view–logs interfaces, which is difficult. In addition, bypassing the application-specific input-filtering checks to write an effective payload to the log is also challenging. This paper proposes LogInjector, an efficient web application log injection vulnerability detection method. First, it obtains the log storage form and location and then finds the log-injectable interfaces through the extended dynamic crawler. Second, it automatically identifies the web application view–logs interfaces. Finally, LogInjector utilizes a dynamic testing approach based on the feedback-guided mutation to detect web application log injection vulnerabilities. To verify the effectiveness of LogInjector, we test it in 14 popular web applications in real-world cases and compare it with Black Widow, the state-of-the-art web vulnerability scanner. LogInjector detects 16 web application log injection vulnerabilities, including 6 zero-day vulnerabilities, while Black Widow can only detect three log injection vulnerabilities, demonstrating the effectiveness of LogInjector in practice. Full article
(This article belongs to the Section Computing and Artificial Intelligence)

23 pages, 668 KB  
Article
A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions
by Jahanzeb Shahid, Muhammad Khurram Hameed, Ibrahim Tariq Javed, Kashif Naseer Qureshi, Moazam Ali and Noel Crespi
Appl. Sci. 2022, 12(8), 4077; https://doi.org/10.3390/app12084077 - 18 Apr 2022
Cited by 45 | Viewed by 18127
Abstract
The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost, and resources required for web application penetration testing and eliminates test engineers’ dependency on human knowledge. However, these security scanners possess various weaknesses of not scanning complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results to inspect their effectiveness and limitations. However, the findings show no well-defined method or criteria available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally defined vulnerable applications and the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project). Full article
(This article belongs to the Collection Innovation in Information Security)

16 pages, 2340 KB  
Article
Short- and Long-Term Visual Outcomes in Patients Receiving Intravitreal Injections: The Impact of the Coronavirus 2019 Disease (COVID-19)—Related Lockdown
by Vivian Paraskevi Douglas, Konstantinos A. A. Douglas, Demetrios G. Vavvas, Joan W. Miller and John B. Miller
J. Clin. Med. 2022, 11(8), 2097; https://doi.org/10.3390/jcm11082097 - 8 Apr 2022
Cited by 10 | Viewed by 2863
Abstract
Purpose: To investigate the short- and long-term impact of COVID-19—related lockdown on the vision of patients requiring intravitreal injections (IVI) for neovascular Age-related Macular degeneration (nvAMD), diabetic retinopathy (DR), central retinal vein occlusion (CRVO), or branch retinal vein occlusion (BRVO). Methods: This is a retrospective study from the Retina department of three Mass Eye and Ear centers. Charts of patients age of ≥ 18 years with any of the abovementioned diagnoses who had a scheduled appointment anytime between 17 March 2020 until 18 May 2020 (lockdown period in Boston, Massachusetts) were reviewed at baseline (up to 12 weeks before the lockdown), at first available follow-up (=actual f/u) during or after the lockdown period, at 3 months, 6 months, and at last available completed appointment of 2020. Results: A total of 1001 patients met the inclusion criteria. Of those patients, 479 (47.9%) completed their intended f/u appointment, while 522 missed it (canceled and “no show”). The delay in care of those who missed it was 59.15 days [standard deviation (SD) ± 49.6]. In these patients, significant loss of vision was noted at actual f/u [Best corrected visual acuity (BCVA) in LogMAR (Logarithm of the Minimum Angle of Resolution)—mean (±SD)—completed: 0.45 (±0.46), missed: 0.53 (±0.55); p = 0.01], which was more prominent in the DR group [Visual acuity (VA) change in LogMAR—mean (±SD); completed: 0.04 (±0.28), missed: 0.18 (±0.44); p = 0.02] and CRVO [completed: −0.06 (±0.27), missed: 0.11 (±0.35); p = <0.001] groups followed by nvAMD [completed: 0.006 (±0.16), missed: 0.06 (±0.27); p = 0.004] and BRVO [completed: −0.02 (±0.1), missed: 0.03 (±0.14); p = 0.02] ones. Overall, a higher percent of people who missed their intended f/u experienced vision loss of more than 15 letters at last f/u compared to those who completed it [missed vs. completed; 13.4% vs. 7.4% in nvAMD (p = 0.72), 7.8% vs. 6.3% in DR (0.84), 15.5% vs. 9.9% in CRVO (p < 0.001) and 9.6% vs. 2% in BRVO (p = 0.48)]. Conclusions: Delay in care of about 8.45 weeks can lead to loss of vision in patients who receive IVI with DR and CRVO patients being more vulnerable in the short-term, whereas in the long-term, CRVO patients followed by the nvAMD patients demonstrating the least vision recovery. BRVO patients were less likely to be affected by the delay in care. Adherence to treatment is key for maintaining and improving visual outcomes in patients who require IVI. Full article

15 pages, 2825 KB  
Article
Near-Real-Time IDS for the U.S. FAA’s NextGen ADS-B
by Dustin M. Mink, Jeffrey McDonald, Sikha Bagui, William B. Glisson, Jordan Shropshire, Ryan Benton and Samuel Russ
Big Data Cogn. Comput. 2021, 5(2), 27; https://doi.org/10.3390/bdcc5020027 - 16 Jun 2021
Cited by 9 | Viewed by 7790
Abstract
Modern-day aircraft are flying computer networks, vulnerable to ground station flooding, ghost aircraft injection or flooding, aircraft disappearance, virtual trajectory modifications or false alarm attacks, and aircraft spoofing. This work lays out a data mining process, in the context of big data, to determine flight patterns, including patterns for possible attacks, in the U.S. National Air Space (NAS). Flights outside the flight patterns are possible attacks. For this study, OpenSky was used as the data source of Automatic Dependent Surveillance-Broadcast (ADS-B) messages, NiFi was used for data management, Elasticsearch was used as the log analyzer, Kibana was used to visualize the data for feature selection, and Support Vector Machine (SVM) was used for classification. This research provides a solution for attack mitigation by packaging a machine learning algorithm, SVM, into an intrusion detection system and calculating the feasibility of processing US ADS-B messages in near real time. Results of this work show that ADS-B network attacks can be detected using network attack signatures, and volume and velocity calculations show that ADS-B messages are processable at the scale of the U.S. Next Generation (NextGen) Air Traffic Systems using commodity hardware, facilitating real time attack detection. Precision and recall close to 80% were obtained using SVM. Full article