In today's digital age, sensitive multimedia informations are transmitted over public networks that are vulnerable to unauthorized access and data tampering. This motivates more robust encryption methods to combat such security threats. In this paper, a chaotic map-based encryption technique is presented as a solution to these issues. The proposed algorithm termed as OptiSecure-3D presents optimized parameter-based 3D chaotic maps for image encryption. The method integrates three primary components: stacked autoencoder (SAE), optimized parameter-based chaotic mapping, and encryption/decryption module, to ensure robust and secure encryption of images. The result evaluated the proposed OptiSecure-3D image encryption algorithm with a randomness test, pixel adjacency correlation test, and differential analysis. The mean entropy was approx. 7.9 and the mean number of pixels changing rate (NPCR) was approx. 99.8, unified average changing intensity (UACI) was approx. 33.46. Moreover, the OptiSecure-3D algorithm also investigated the result under noise attacks and shows better cryptanalysis results as compared to comparative state-of-art models. The findings suggest that our chaotic map-based encryption technique not only provides an effective solution to the security vulnerabilities of digital image transmission but also enhances the overall reliability of multimedia communication systems. This paper presents a significant advancement in the field of secure image encryption to meets the increasing demands for data security in modern digital communication networks.

• Klíčová slova
• Chaotic maps, Compressed encryption, Image encryption, Optimization, Secure communication,
• Publikační typ
• časopisecké články MeSH

Social networks have greatly expanded in the last ten years the need for sharing multimedia data. However, on open networks such as the Internet, where security is frequently compromised, it is simple for eavesdroppers to approach the actual contents without much difficulty. Researchers have created a variety of encryption methods to strengthen the security of this transmission and make it difficult for eavesdroppers to get genuine data. However, these conventional approaches increase computing costs and communication overhead and do not offer protection against fresh threats. The problems with current algorithms encourage academics to further investigate the subject and suggest new algorithms that are more effective than current methods, that reduce overhead, and which are equipped with features needed by next-generation multimedia networks. In this paper, a genetic operator-based encryption method for multimedia security is proposed. It has been noted that the proposed algorithm produces improved key strength results. The investigations using attacks on data loss, differential assaults, statistical attacks, and brute force attacks show that the encryption technique suggested has improved security performance. It focuses on two techniques, bitplane slicing and followed by block segmentation and scrambling. The suggested method first divides the plaintext picture into several blocks, which is then followed by block swapping done by the genetic operator used to combine the genetic information of two different images to generate new offspring. The key stream is produced from an iterative chaotic map with infinite collapse (ICMIC). Based on a close-loop modulation coupling (CMC) approach, a three-dimensional hyperchaotic ICMIC modulation map is proposed. By using a hybrid model of multidirectional circular permutation with this map, a brand-new colour image encryption algorithm is created. In this approach, a multidirectional circular permutation is used to disrupt the image's pixel placements, and genetic operations are used to replace the pixel values. According to simulation findings and security research, the technique can fend off brute-force, statistical, differential, known-plaintext, and chosen-plaintext assaults, and has a strong key sensitivity.

• Klíčová slova
• CCI map, bitplane slicing, block swapping, logistic map, mutation, scrambling,
• MeSH
• algoritmy MeSH
• operátorové oblasti (genetika) MeSH
• počítačová simulace MeSH
• počítačové zpracování obrazu * metody   MeSH
• zabezpečení počítačových systémů * MeSH
• Publikační typ
• časopisecké články MeSH

In therapeutic diagnostics, early diagnosis and monitoring of heart disease is dependent on fast time-series MRI data processing. Robust encryption techniques are necessary to guarantee patient confidentiality. While deep learning (DL) algorithm have improved medical imaging, privacy and performance are still hard to balance. In this study, a novel approach for analyzing homomorphivally-encrypted (HE) time-series MRI data is introduced: The Multi-Faceted Long Short-Term Memory (MF-LSTM). This method includes privacy protection. The MF-LSTM architecture protects patient's privacy while accurately categorizing and forecasting cardiac disease, with accuracy (97.5%), precision (96.5%), recall (98.3%), and F1-score (97.4%). While segmentation methods help to improve interpretability by identifying important region in encrypted MRI images, Generalized Histogram Equalization (GHE) improves image quality. Extensive testing on selected dataset if encrypted time-series MRI images proves the method's stability and efficacy, outperforming previous approaches. The finding shows that the suggested technique can decode medical image to expose visual representation as well as sequential movement while protecting privacy and providing accurate medical image evaluation.

• Klíčová slova
• Encryption, Heart Disease, MRI Images, Multi-faceted long short-term memory (MF-LSTM),
• MeSH
• algoritmy MeSH
• deep learning MeSH
• důvěrnost informací MeSH
• lidé středního věku MeSH
• lidé MeSH
• magnetická rezonanční tomografie * metody   MeSH
• nemoci srdce * diagnostické zobrazování   MeSH
• neuronové sítě MeSH
• počítačové zpracování obrazu metody   MeSH
• soukromí * MeSH
• zabezpečení počítačových systémů MeSH
• Check Tag
• lidé středního věku MeSH
• lidé MeSH
• mužské pohlaví MeSH
• ženské pohlaví MeSH
• Publikační typ
• časopisecké články MeSH

New technologies and trends in industries have opened up ways for distributed establishment of Cyber-Physical Systems (CPSs) for smart industries. CPSs are largely based upon Internet of Things (IoT) because of data storage on cloud servers which poses many constraints due to the heterogeneous nature of devices involved in communication. Among other challenges, security is the most daunting challenge that contributes, at least in part, to the impeded momentum of the CPS realization. Designers assume that CPSs are themselves protected as they cannot be accessed from external networks. However, these days, CPSs have combined parts of the cyber world and also the physical layer. Therefore, cyber security problems are large for commercial CPSs because the systems move with one another and conjointly with physical surroundings, i.e., Complex Industrial Applications (CIA). Therefore, in this paper, a novel data security algorithm Dynamic Hybrid Secured Encryption Technique (DHSE) is proposed based on the hybrid encryption scheme of Advanced Encryption Standard (AES), Identity-Based Encryption (IBE) and Attribute-Based Encryption (ABE). The proposed algorithm divides the data into three categories, i.e., less sensitive, mid-sensitive and high sensitive. The data is distributed by forming the named-data packets (NDPs) via labelling the names. One can choose the number of rounds depending on the actual size of a key; it is necessary to perform a minimum of 10 rounds for 128-bit keys in DHSE. The average encryption time taken by AES (Advanced Encryption Standard), IBE (Identity-based encryption) and ABE (Attribute-Based Encryption) is 3.25 ms, 2.18 ms and 2.39 ms, respectively. Whereas the average time taken by the DHSE encryption algorithm is 2.07 ms which is very much less when compared to other algorithms. Similarly, the average decryption times taken by AES, IBE and ABE are 1.77 ms, 1.09 ms and 1.20 ms and the average times taken by the DHSE decryption algorithms are 1.07 ms, which is very much less when compared to other algorithms. The analysis shows that the framework is well designed and provides confidentiality of data with minimum encryption and decryption time. Therefore, the proposed approach is well suited for CPS-IoT.

• Klíčová slova
• ABE, AES, Cyber-Physical System (CPS), IBE, confidentiality, decryption, encryption, security, smart industrial environment,
• MeSH
• cloud computing * MeSH
• důvěrnost informací MeSH
• internet věcí * MeSH
• ukládání a vyhledávání informací MeSH
• zabezpečení počítačových systémů MeSH
• Publikační typ
• časopisecké články MeSH

We present a dataset that captures seven days of monitoring data from eight servers hosting more than 800 sites across a large campus network. The dataset contains data from network monitoring and host-based monitoring. The first set of data are packet traces collected by a probe situated on the network link in front of the web servers. The traces contain encrypted HTTP over TLS 1.2 communication between clients and web servers. The second set of data is an event log captured directly on the web servers. The events are generated by the Internet Information Services (IIS) logging and include both the IIS default features and custom features, such as client port and transferred data volume. Anonymization of all features in the dataset has been carefully carried out to prevent private information leakage while preserving the information value of the dataset. The dataset is suitable mainly for training machine learning techniques for anomaly detection and the identification of relationships between network traffic and events on web servers. We also add tools, settings, and a guide to convert the packet traces to IP flows that are often preferred for network traffic analysis.

• Klíčová slova
• Encrypted traffic analysis, Event-flow correlation, HTTPS dataset, Host-based data collection, Network data collection, TLS 1.2 encryption,
• Publikační typ
• časopisecké články MeSH

Encryption of network traffic should guarantee anonymity and prevent potential interception of information. Encrypted virtual private networks (VPNs) are designed to create special data tunnels that allow reliable transmission between networks and/or end users. However, as has been shown in a number of scientific papers, encryption alone may not be sufficient to secure data transmissions in the sense that certain information may be exposed. Our team has constructed a large dataset that contains generated encrypted network traffic data. This dataset contains a general network traffic model consisting of different types of network traffic such as web, emailing, video conferencing, video streaming, and terminal services. For the same network traffic model, data are measured for different scenarios, i.e., for data traffic through different types of VPNs and without VPNs. Additionally, the dataset contains the initial handshake of the VPN connections. The dataset can be used by various data scientists dealing with the classification of encrypted network traffic and encrypted VPNs.

• Klíčová slova
• IP flow, IPFIX, Machine Learning, Network traffic, SSTP, OpenVPN, Wireguard,
• Publikační typ
• časopisecké články MeSH

Most of the video content on the Internet today is distributed through online streaming platforms. To ensure user privacy, data transmissions are often encrypted using cryptographic protocols. In previous research, we first experimentally validated the idea that the amount of transmitted data belonging to a particular video stream is not constant over time or that it changes periodically and forms a specific fingerprint. Based on the knowledge of the fingerprint of a specific video stream, this video stream can be subsequently identified. Over several months of intensive work, our team has created a large dataset containing a large number of video streams that were captured by network traffic probes during their playback by end users. The video streams were deliberately chosen to fall thematically into pre-selected categories. We selected two primary platforms for streaming - PeerTube and YouTube The first platform was chosen because of the possibility of modifying any streaming parameters, while the second one was chosen because it is used by many people worldwide. Our dataset can be used to create and train machine learning models or heuristic algorithms, allowing encrypted video stream identification according to their content resp. type category or specifically.

• Klíčová slova
• Encrypted, Identification, Machine learning, Video stream,
• Publikační typ
• časopisecké články MeSH

Technologies for the Internet of Things (IoT) are maturing, yet no common standards dictate their direction, leaving space for a plethora of research directions and opportunities. Among the most important IoT topics is security. When we design a robust system, it is important to know the available options for facing common tasks related to access control, authentication, and authorization. In this review, we systematically analyze 1622 peer-reviewed publications from October 2017 to December 2020 to find the taxonomy of security solutions. In addition, we assess and categorize current practices related to IoT security solutions, commonly involved technologies, and standards applied in recent research. This manuscript provides a practical road map to recent research, guiding the reader and providing an overview of recent research efforts.

• Klíčová slova
• Internet of Things, authentication, authorization, identity management, security, survey,
• MeSH
• internet věcí * MeSH
• internet MeSH
• zabezpečení počítačových systémů MeSH
• Publikační typ
• časopisecké články MeSH
• přehledy MeSH
• systematický přehled MeSH

In recent years, the Industry 4.0 paradigm has accelerated the digitalization process of the industry, and it slowly diminishes the line between information technologies (IT) and operational technologies (OT). Among the advantages, this brings up the convergence issue between IT and OT, especially in the cybersecurity-related topics, including new attack vectors, threats, security imperfections, and much more. This cause raised new topics for methods focused on protecting the industrial infrastructure, including monitoring and detection systems, which should help overcome these new challenges. However, those methods require high quality and a large number of datasets with different conditions to adapt to the specific systems effectively. Unfortunately, revealing field factory setups and infrastructure would be costly and challenging due to the privacy and sensitivity causes. From the lack of data emerges the new topic of industrial testbeds, including sub-real physical laboratory environments, virtual factories, honeynets, honeypots, and other areas, which helps to deliver sufficient datasets for mentioned research and development. This paper summarizes related works in the area of industrial testbeds. Moreover, it describes best practices and lessons learned for assembling physical, simulated, virtual, and hybrid testbeds. Additionally, a comparison of the essential parameters of those testbeds is presented. Finally, the findings and provided information reveal research and development challenges, which must be surpassed.

• Klíčová slova
• HMI, OT, PLC, SCADA, cybersecurity, industrial control system (ICS), testbed,
• MeSH
• průmysl * MeSH
• technologie MeSH
• zabezpečení počítačových systémů * MeSH
• Publikační typ
• časopisecké články MeSH

In today's world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.

• Klíčová slova
• detection, network security, prevention, slow DoS attacks, vulnerability testing,
• MeSH
• lidé MeSH
• předpověď MeSH
• zabezpečení počítačových systémů * MeSH
• Check Tag
• lidé MeSH
• Publikační typ
• časopisecké články MeSH