1
Abbas SG, Vaccari I, Hussain F, Zahid S, Fayyaz UU, Shah GA, Bakhshi T, Cambiaso E. Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach. Sensors (Basel) 2021; 21:s21144816. [PMID: 34300556 PMCID: PMC8309744 DOI: 10.3390/s21144816] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Received: 05/27/2021] [Revised: 06/29/2021] [Accepted: 07/09/2021] [Indexed: 11/16/2022]
Abstract
Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.
Affiliation(s)
- Syed Ghazanfar Abbas
  - Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, Pakistan
  - Correspondence: (S.G.A.); (I.V.)
- Ivan Vaccari
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
  - Correspondence: (S.G.A.); (I.V.)
- Faisal Hussain
  - Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, Pakistan
- Shahzaib Zahid
  - Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, Pakistan
- Ubaid Ullah Fayyaz
  - Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, Pakistan
- Ghalib A. Shah
  - Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering & Technology (UET), Lahore 54890, Pakistan
- Taimur Bakhshi
  - Department of Computer Science, National University of Computer and Emerging Sciences, Lahore 54000, Pakistan
- Enrico Cambiaso
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
2
Vaccari I, Orani V, Paglialonga A, Cambiaso E, Mongelli M. A Generative Adversarial Network (GAN) Technique for Internet of Medical Things Data. Sensors (Basel) 2021; 21:s21113726. [PMID: 34071944 PMCID: PMC8197837 DOI: 10.3390/s21113726] [Citation(s) in RCA: 11] [Impact Index Per Article: 3.7] [Received: 04/23/2021] [Revised: 05/18/2021] [Accepted: 05/25/2021] [Indexed: 11/16/2022]
Abstract
The application of machine learning and artificial intelligence techniques in the medical world is growing, with a range of purposes: from the identification and prediction of possible diseases to patient monitoring and clinical decision support systems. Furthermore, the widespread use of remote monitoring medical devices, under the umbrella of the "Internet of Medical Things" (IoMT), has simplified the retrieval of patient information as they allow continuous monitoring and direct access to data by healthcare providers. However, due to possible issues in real-world settings, such as loss of connectivity, irregular use, misuse, or poor adherence to a monitoring program, the data collected might not be sufficient to implement accurate algorithms. For this reason, data augmentation techniques can be used to create synthetic datasets sufficiently large to train machine learning models. In this work, we apply the concept of generative adversarial networks (GANs) to perform a data augmentation from patient data obtained through IoMT sensors for Chronic Obstructive Pulmonary Disease (COPD) monitoring. We also apply an explainable AI algorithm to demonstrate the accuracy of the synthetic data by comparing it to the real data recorded by the sensors. The results obtained demonstrate how synthetic datasets created through a well-structured GAN are comparable with a real dataset, as validated by a novel approach based on machine learning.
Affiliation(s)
- Ivan Vaccari
  - Consiglio Nazionale delle Ricerche (CNR), Institute of Electronics, Information Engineering and Telecommunications (IEIIT), 16149 Genoa, Italy
  - Correspondence: Tel.: +39-010-6475-215
- Vanessa Orani
  - Consiglio Nazionale delle Ricerche (CNR), Institute of Electronics, Information Engineering and Telecommunications (IEIIT), 16149 Genoa, Italy
- Alessia Paglialonga
  - Consiglio Nazionale delle Ricerche (CNR), Institute of Electronics, Information Engineering and Telecommunications (IEIIT), 20133 Milan, Italy
- Enrico Cambiaso
  - Consiglio Nazionale delle Ricerche (CNR), Institute of Electronics, Information Engineering and Telecommunications (IEIIT), 16149 Genoa, Italy
- Maurizio Mongelli
  - Consiglio Nazionale delle Ricerche (CNR), Institute of Electronics, Information Engineering and Telecommunications (IEIIT), 16149 Genoa, Italy
3
Abie H, Ranise S, Verderame L, Cambiaso E, Ugarelli R, Giunta G, Praça I, Battisti F. Inferring Anomaly Situation from Multiple Data Sources in Cyber Physical Systems. Cyber-Physical Security for Critical Infrastructures Protection 2021. [PMCID: PMC7888293 DOI: 10.1007/978-3-030-69781-5_5] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/28/2022]
Abstract
Cyber physical systems are becoming ubiquitous devices in many fields thus creating the need for effective security measures. We propose to exploit their intrinsic dependency on the environment in which they are deployed to detect and mitigate anomalies. To do so, sensor measurements, network metrics, and contextual information are fused in a unified security architecture. In this paper, the model of the proposed framework is presented and a first proof of concept involving a telecommunication infrastructure case study is provided.
Affiliation(s)
- Silvio Ranise
  - University of Trento and Fondazione Bruno Kessler, Trento, Italy
- Enrico Cambiaso
  - IEIIT Institute, Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy
- Isabel Praça
  - Instituto Superior de Engenharia do Porto, Porto, Portugal
4
Abie H, Ranise S, Verderame L, Cambiaso E, Ugarelli R, Giunta G, Praça I, Battisti F. Cross-Domain Security Asset Management for Healthcare. Cyber-Physical Security for Critical Infrastructures Protection 2021. [PMCID: PMC7888298 DOI: 10.1007/978-3-030-69781-5_10] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/24/2022]
Abstract
Healthcare is one of the most peculiar among all Critical Infrastructures due to its context and role in society. The characteristics of openness and pervasive usage of IT systems and connected devices make it particularly exposed to both physical threats, such as theft and unauthorized access to restricted areas, and cyber attacks, like the notorious WannaCry ransomware that abruptly disrupted the British National Health System in May 2017. Even the recent COVID-19 pandemic period has been negatively characterized by an increase of both physical and cyber incidents that specifically targeted hospitals and undermined an essential public service like healthcare. Effective security solutions are necessary in order to protect and enhance the resiliency of the Critical Infrastructures. This paper presents the work being developed in the context of the SAFECARE H2020 project, which specifically considers the requirements for security of hospitals. A particular focus is given to asset management that considers cross-domain aspects of security, like the physical location and virtual connections that link different components of a hospital. This provides advanced knowledge that makes it possible to infer and forewarn of possible elaborate cyber-physical kill chains. This is particularly important and useful during a crisis, as it gives a holistic overview of the status of the hospital and the potential impacts of one or more incidents on the critical assets. The description and simulation of an attack scenario is also given, together with the description of the messages exchanged by the security systems and the information made available to security operators.
Affiliation(s)
- Silvio Ranise
  - University of Trento and Fondazione Bruno Kessler, Trento, Italy
- Enrico Cambiaso
  - IEIIT Institute, Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy
- Isabel Praça
  - Instituto Superior de Engenharia do Porto, Porto, Portugal
5
Abie H, Ranise S, Verderame L, Cambiaso E, Ugarelli R, Giunta G, Praça I, Battisti F. Towards a Global CIs’ Cyber-Physical Security Management and Joint Coordination Approach. Cyber-Physical Security for Critical Infrastructures Protection 2021. [PMCID: PMC7888292 DOI: 10.1007/978-3-030-69781-5_11] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/24/2022]
Abstract
Critical Infrastructures (CIs) face numerous cyber-physical threats that can affect citizens’ lives and habits, increase their feeling of insecurity, and influence the seamless provision of services. During such incidents, but also in general for the security of CIs, several internal and external stakeholders are involved, having different needs and requirements, trying to cooperate, respond and recover. Although the CIs security management process is well analyzed in the literature, there is a need to set a common ground among different CIs, thus reducing administration/coordination overhead and rendering the decision making and crisis management process more efficient. In this direction, this paper considers three different CIs (airport facilities, gas infrastructures, and hospitals); presents the current and emerging physical and cyber security related regulations and standards, operations, and organisational and technical measures; and finally, through the discussion of gaps and best practices identified, proposes a global, cyber-physical security management and joint coordination approach. The proposed approach recommends, among others, the adoption of a Holistic Security Operation Centre (HSOC) in each CI and a National Coordination Centre (NCC) supervising them, which will facilitate the communication and cooperation between the different CI operators and stakeholders in case of an incident that may have cascading effects on interconnected Infrastructures. The findings presented and the conclusions drawn are linked with three EU funded research projects (SATIE, SecureGas and SAFECARE) that aim to improve physical and cyber security of CIs in a seamless and cost-effective way.
Affiliation(s)
- Silvio Ranise
  - University of Trento and Fondazione Bruno Kessler, Trento, Italy
- Enrico Cambiaso
  - IEIIT Institute, Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy
- Isabel Praça
  - Instituto Superior de Engenharia do Porto, Porto, Portugal
6
Abie H, Ranise S, Verderame L, Cambiaso E, Ugarelli R, Giunta G, Praça I, Battisti F. Fusing RGB and Thermal Imagery with Channel State Information for Abnormal Activity Detection Using Multimodal Bidirectional LSTM. Cyber-Physical Security for Critical Infrastructures Protection 2021. [PMCID: PMC7888295 DOI: 10.1007/978-3-030-69781-5_6] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/25/2022]
Abstract
In this paper, we present a multimodal deep model for detection of abnormal activity, based on bidirectional Long Short-Term Memory neural networks (LSTM). The proposed model exploits three different input modalities: RGB imagery, thermographic imagery and Channel State Information from Wi-Fi signal reflectance to estimate human intrusion and suspicious activity. The fused multimodal information is used as input in a Bidirectional LSTM, which has the benefit of being able to capture temporal interdependencies in both past and future time instances, a significant aspect in the discussed unusual activity detection scenario. We also present a Bayesian optimization framework that fine-tunes the Bidirectional LSTM parameters in an optimal manner. The proposed framework is evaluated on real-world data from a critical water infrastructure protection and monitoring scenario and the results indicate a superior performance compared to other unimodal and multimodal approaches and classification models.
Affiliation(s)
- Silvio Ranise
  - University of Trento and Fondazione Bruno Kessler, Trento, Italy
- Enrico Cambiaso
  - IEIIT Institute, Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy
- Isabel Praça
  - Instituto Superior de Engenharia do Porto, Porto, Portugal
7
Vaccari I, Chiola G, Aiello M, Mongelli M, Cambiaso E. MQTTset, a New Dataset for Machine Learning Techniques on MQTT. Sensors (Basel) 2020; 20:s20226578. [PMID: 33217936 PMCID: PMC7698741 DOI: 10.3390/s20226578] [Citation(s) in RCA: 39] [Impact Index Per Article: 9.8] [Received: 09/30/2020] [Revised: 11/12/2020] [Accepted: 11/16/2020] [Indexed: 11/16/2022]
Abstract
IoT networks are increasingly popular nowadays to monitor critical environments of different nature, significantly increasing the amount of data exchanged. Due to the huge number of connected IoT devices, security of such networks and devices is therefore a critical issue. Detection systems assume a crucial role in the cyber-security field: based on innovative algorithms such as machine learning, they are able to identify or predict cyber-attacks, hence to protect the underlying system. Nevertheless, specific datasets are required to train detection models. In this work we present MQTTset, a dataset focused on the MQTT protocol, widely adopted in IoT networks. We present the creation of the dataset, also validating it through the definition of a hypothetical detection system, by combining the legitimate dataset with cyber-attacks against the MQTT network. Obtained results demonstrate how MQTTset can be used to train machine learning models to implement detection systems able to protect IoT contexts.
Affiliation(s)
- Ivan Vaccari
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
  - Department of Informatics, Bioengineering, Robotics and System Engineering (DIBRIS), University of Genoa, 16145 Genoa, Italy
  - Correspondence: Tel.: +39-010-6475-215
- Giovanni Chiola
  - Department of Informatics, Bioengineering, Robotics and System Engineering (DIBRIS), University of Genoa, 16145 Genoa, Italy
- Maurizio Aiello
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
- Maurizio Mongelli
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
- Enrico Cambiaso
  - Consiglio Nazionale delle Ricerche (CNR), IEIIT Institute, 16149 Genoa, Italy
8
Cambiaso E, Papaleo G, Aiello M. Slowcomm: Design, development and performance evaluation of a new slow DoS attack. Journal of Information Security and Applications 2017. [DOI: 10.1016/j.jisa.2017.05.005] [Citation(s) in RCA: 5] [Impact Index Per Article: 0.7] [Indexed: 10/19/2022]