Biblio
The modular multilevel converter with series and parallel connectivity was shown to provide advantages in several industrial applications. Its reliability largely depends on the absence of failures in the power semiconductors. We propose and analyze a fault-diagnosis technique to identify shorted switches based on features generated through wavelet transform of the converter output and subsequent classification in support vector machines. The multi-class support vector machine is trained with multiple recordings of the output of each fault condition as well as the converter under normal operation. Simulation results reveal that the proposed method has high classification latency and high robustness. Except for the monitoring of the output, which is required for the converter control in any case, this method does not require additional module sensors.
Emerging cyber-physical systems (CPS) often require collecting end users' data to support data-informed decision making processes. There has been a long-standing argument as to the tradeoff between privacy and data utility. In this paper, we adopt a multiparametric programming approach to rigorously study conditions under which data utility has to be sacrificed to protect privacy and situations where free-lunch privacy can be achieved, i.e., data can be concealed without hurting the optimality of the decision making underlying the CPS. We formalize the concept of free-lunch privacy, and establish various results on its existence, geometry, as well as efficient computation methods. We propose the free-lunch privacy mechanism, which is a pragmatic mechanism that exploits free-lunch privacy if it exists with the constant guarantee of optimal usage of data. We study the resilience of this mechanism against attacks that attempt to infer the parameter of a user's data generating process. We close the paper by a case study on occupancy-adaptive smart home temperature control to demonstrate the efficacy of the mechanism.
This paper presents a wireless intrusion prevention tool for distributed denial of service attacks DDoS. This tool, called Wireless Distributed IPS WIDIP, uses a different collection of data to identify attackers from inside a private network. WIDIP blocks attackers and also propagates its information to other wireless routers that run the IPS. This communication behavior provides higher fault tolerance and stops attacks from different network endpoints. WIDIP also block network attackers at its first hop and thus reduce the malicious traffic near its source. Comparative tests of WIDIP with other two tools demonstrated that our tool reduce the delay of target response after attacks in application servers by 11%. In addition to reducing response time, WIDIP comparatively reduces the number of control messages on the network when compared to IREMAC.
Recent progress in style transfer on images has focused on improving the quality of stylized images and speed of methods. However, real-time methods are highly unstable resulting in visible flickering when applied to videos. In this work we characterize the instability of these methods by examining the solution set of the style transfer objective. We show that the trace of the Gram matrix representing style is inversely related to the stability of the method. Then, we present a recurrent convolutional network for real-time video style transfer which incorporates a temporal consistency loss and overcomes the instability of prior methods. Our networks can be applied at any resolution, do not require optical flow at test time, and produce high quality, temporally consistent stylized videos in real-time.
The chaotic system and cryptography have some common features. Due to the close relationship between chaotic system and cryptosystem, researchers try to combine the chaotic system with cryptosystem. In this study, security analysis of an encryption algorithm which aims to encrypt the data with ECG signals and chaotic functions was performed using the Logistic map in text encryption and Henon map in image encryption. In the proposed algorithm, text and image data can be encrypted at the same time. In addition, ECG signals are used to determine the initial conditions and control parameters of the chaotic functions used in the algorithm to personalize of the encryption algorithm. In this cryptanalysis study, the inadequacy of the mentioned process and the weaknesses of the proposed method have been determined. Encryption algorithm has not sufficient capacity to provide necessary security level of key space and secret key can be obtained with only one plaintext/ciphertext pair with chosen-plaintext attack.
The symmetric block ciphers, which represent a core element for building cryptographic communications systems and protocols, are used in providing message confidentiality, authentication and integrity. Various limitations in hardware and software resources, especially in terminal devices used in mobile communications, affect the selection of appropriate cryptosystem and its parameters. In this paper, an implementation of three symmetric ciphers (DES, 3DES, AES) used in different operating modes are analyzed on Android platform. The cryptosystems' performance is analyzed in different scenarios using several variable parameters: cipher, key size, plaintext size and number of threads. Also, the influence of parallelization supported by multi-core CPUs on cryptosystem performance is analyzed. Finally, some conclusions about the parameter selection for optimal efficiency are given.
It is a well-known fact that nowadays access to sensitive information is being performed through the use of a three-tier-architecture. Web applications have become a handy interface between users and data. As database-driven web applications are being used more and more every day, web applications are being seen as a good target for attackers with the aim of accessing sensitive data. If an organization fails to deploy effective data protection systems, they might be open to various attacks. Governmental organizations, in particular, should think beyond traditional security policies in order to achieve proper data protection. It is, therefore, imperative to perform security testing and make sure that there are no holes in the system, before an attack happens. One of the most commonly used web application attacks is by insertion of an SQL query from the client side of the application. This attack is called SQL Injection. Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities. To overcome the SQL injection problems, there is a need to use different security systems. In this paper, we will use 3 different scenarios for testing security systems. Using Penetration testing technique, we will try to find out which is the best solution for protecting sensitive data within the government network of Kosovo.
Traditionally, the vehicle has been the extension of the manual ambulatory system, docile to the drivers' commands. Recent advances in communications, controls and embedded systems have changed this model, paving the way to the Intelligent Vehicle Grid. The car is now a formidable sensor platform, absorbing information from the environment, from other cars (and from the driver) and feeding it to other cars and infrastructure to assist in safe navigation, pollution control and traffic management. The next step in this evolution is just around the corner: the Internet of Autonomous Vehicles. Like other important instantiations of the Internet of Things (e.g., the smart building, etc), the Internet of Vehicles will not only upload data to the Internet with V2I. It will also use V2V communications, storage, intelligence, and learning capabilities to anticipate the customers' intentions and learn from other peers. V2I and V2V are essential to the autonomous vehicle, but carry the risk of attacks. This paper will address the privacy attacks to which vehicles are exposed when they upload private data to Internet Servers. It will also outline efficient methods to preserve privacy.
Recognizing Families In the Wild (RFIW) is a large-scale, multi-track automatic kinship recognition evaluation, supporting both kinship verification and family classification on scales much larger than ever before. It was organized as a Data Challenge Workshop hosted in conjunction with ACM Multimedia 2017. This was achieved with the largest image collection that supports kin-based vision tasks. In the end, we use this manuscript to summarize evaluation protocols, progress made and some technical background and performance ratings of the algorithms used, and a discussion on promising directions for both research and engineers to be taken next in this line of work.
The Internet of Things (IoT) revolution promises to make our lives easier by providing cheap and always connected smart embedded devices, which can interact on the Internet and create added values for human needs. But all that glitters is not gold. Indeed, the other side of the coin is that, from a security perspective, this IoT revolution represents a potential disaster. This plethora of IoT devices that flooded the market were very badly protected, thus an easy prey for several families of malwares that can enslave and incorporate them in very large botnets. This, eventually, brought back to the top Distributed Denial of Service (DDoS) attacks, making them more powerful and easier to achieve than ever. This paper aims at provide an up-to-date picture of DDoS attacks in the specific subject of the IoT, studying how these attacks work and considering the most common families in the IoT context, in terms of their nature and evolution through the years. It also explores the additional offensive capabilities that this arsenal of IoT malwares has available, to mine the security of Internet users and systems. We think that this up-to-date picture will be a valuable reference to the scientific community in order to take a first crucial step to tackle this urgent security issue.
The IoT (Internet of Things) is one of the primary reasons for the massive growth in the number of connected devices to the Internet, thus leading to an increased volume of traffic in the core network. Fog and edge computing are becoming a solution to handle IoT traffic by moving timesensitive processing to the edge of the network, while using the conventional cloud for historical analysis and long-term storage. Providing processing, storage, and network communication at the edge network are the aim of fog computing to reduce delay, network traffic, and decentralise computing. In this paper, we define a framework that realises fog computing that can be extended to install any service of choice. Our framework utilises fog nodes as an extension of the traditional switch to include processing, networking, and storage. The fog nodes act as local decision-making elements that interface with software-defined networking (SDN), to be able to push updates throughout the network. To test our framework, we develop an IP spoofing security application and ensure its correctness through multiple experiments.
Reliable operation of electrical power systems in the presence of multiple critical N - k contingencies is an important challenge for the system operators. Identifying all the possible N - k critical contingencies to design effective mitigation strategies is computationally infeasible due to the combinatorial explosion of the search space. This paper describes two heuristic algorithms based on the iterative pruning of the candidate contingency set to effectively and efficiently identify all the critical N - k contingencies resulting in system failure. These algorithms are applied to the standard IEEE-14 bus system, IEEE-39 bus system, and IEEE-57 bus system to identify multiple critical N - k contingencies. The algorithms are able to capture all the possible critical N - k contingencies (where 1 ≤ k ≤ 9) without missing any dangerous contingency.
Mobile ad-hoc network (MANET) contains various wireless movable nodes which can communicate with each other and they don't require any centralized administrator or network infrastructure and also can communicate with full capacity because it is composed of mobile nodes. They transmit data to each other with the help of intermediate nodes by establishing a path. But sometime malicious node can easily enter in network due to the mobility of nodes. That malicious node can harm the network by dropping the data packets. These type of attack is called gray hole attack. For detection and prevention from this type of attack a mechanism is proposed in this paper. By using network simulator, the simulation will be carried out for reporting the difficulties of prevention and detection of multiple gray hole attack in the Mobile ad-hoc network (MANET). Particle Swarm Optimization is used in this paper. Because of ad-hoc nature it observers the changing values of the node, if the value is infinite then node has been attacked and it prevents other nodes from sending data to that node. In this paper, we present possible solutions to prevent the network. Firstly, find more than one route to transmit packets to destination. Second, we provide minimum time delay to deliver the packet. The simulation shows the higher throughput, less time delay and less packet drop.
Embry-Riddle Aeronautical University (ERAU) is working with the Air Force Research Lab (AFRL) to develop a distributed multi-layer autonomous UAS planning and control technology for gathering intelligence in Anti-Access Area Denial (A2/AD) environments populated by intelligent adaptive adversaries. These resilient autonomous systems are able to navigate through hostile environments while performing Intelligence, Surveillance, and Reconnaissance (ISR) tasks, and minimizing the loss of assets. Our approach incorporates artificial life concepts, with a high-level architecture divided into three biologically inspired layers: cyber-physical, reactive, and deliberative. Each layer has a dynamic level of influence over the behavior of the agent. Algorithms within the layers act on a filtered view of reality, abstracted in the layer immediately below. Each layer takes input from the layer below, provides output to the layer above, and provides direction to the layer below. Fast-reactive control systems in lower layers ensure a stable environment supporting cognitive function on higher layers. The cyber-physical layer represents the central nervous system of the individual, consisting of elements of the vehicle that cannot be changed such as sensors, power plant, and physical configuration. On the reactive layer, the system uses an artificial life paradigm, where each agent interacts with the environment using a set of simple rules regarding wants and needs. Information is communicated explicitly via message passing and implicitly via observation and recognition of behavior. In the deliberative layer, individual agents look outward to the group, deliberating on efficient resource management and cooperation with other agents. Strategies at all layers are developed using machine learning techniques such as Genetic Algorithm (GA) or NN applied to system training that takes place prior to the mission.
The size of counterfeiting activities is increasing day by day. These activities are encountered especially in electronics market. In this paper, a countermeasure against counterfeiting on intellectual properties (IP) on Field-Programmable Gate Arrays (FPGA) is proposed. FPGA vendors provide bitstream ciphering as an IP security solution such as battery-backed or non-volatile FPGAs. However, these solutions are secure as long as they can keep decryption key away from third parties. Key storage and key transfer over unsecure channels expose risks for these solutions. In this work, physical unclonable functions (PUFs) have been used for key generation. Generating a key from a circuit in the device solves key transfer problem. Proposed system goes through different phases when it operates. Therefore, partial reconfiguration feature of FPGAs is essential for feasibility of proposed system.
Over the last years, the number of rather simple interconnected devices in nonindustrial scenarios (e.g., for home automation) has steadily increased. For ease of use, the overall system security is often neglected. Before the Internet of Things (IoT) reaches the same distribution rate and impact in industrial applications, where security is crucial for success, solutions that combine usability, scalability, and security are required. We develop such a security system, mainly targeting sensor modules equipped with Radio Frequency IDentification (RFID) tags which we leverage to increase the security level. More specifically, we consider a network based on Message Queue Telemetry Transport (MQTT) which is a widely adopted protocol for the IoT.
In this paper, we present AnomalyDetect, an approach for detecting anomalies in cloud services. A cloud service consists of a set of interacting applications/processes running on one or more interconnected virtual machines. AnomalyDetect uses the Kalman Filter as the basis for predicting the states of virtual machines running cloud services. It uses the cloud service's virtual machine historical data to forecast potential anomalies. AnomalyDetect has been integrated with the AutoMigrate framework and serves as the means for detecting anomalies to automatically trigger live migration of cloud services to preserve their availability. AutoMigrate is a framework for developing intelligent systems that can monitor and migrate cloud services to maximize their availability in case of cloud disruption. We conducted a number of experiments to analyze the performance of the proposed AnomalyDetect approach. The experimental results highlight the feasibility of AnomalyDetect as an approach to autonomic cloud availability.
Tracing and integrating security requirements throughout the development process is a key challenge in security engineering. In socio-technical systems, security requirements for the organizational and technical aspects of a system are currently dealt with separately, giving rise to substantial misconceptions and errors. In this paper, we present a model-based security engineering framework for supporting the system design on the organizational and technical level. The key idea is to allow the involved experts to specify security requirements in the languages they are familiar with: business analysts use BPMN for procedural system descriptions; system developers use UML to design and implement the system architecture. Security requirements are captured via the language extensions SecBPMN2 and UMLsec. We provide a model transformation to bridge the conceptual gap between SecBPMN2 and UMLsec. Using UMLsec policies, various security properties of the resulting architecture can be verified. In a case study featuring an air traffic management system, we show how our framework can be practically applied.
Software Defined Networks (SDNs) have gained prominence recently due to their flexible management and superior configuration functionality of the underlying network. SDNs, with OpenFlow as their primary implementation, allow for the use of a centralised controller to drive the decision making for all the supported devices in the network and manage traffic through routing table changes for incoming flows. In conventional networks, machine learning has been shown to detect malicious intrusion, and classify attacks such as DoS, user to root, and probe attacks. In this work, we extend the use of machine learning to improve traffic tolerance for SDNs. To achieve this, we extend the functionality of the controller to include a resilience framework, ReSDN, that incorporates machine learning to be able to distinguish DoS attacks, focussing on a neptune attack for our experiments. Our model is trained using the MIT KDD 1999 dataset. The system is developed as a module on top of the POX controller platform and evaluated using the Mininet simulator.
A machine translation system that can convert South African Sign Language video to English audio or text and vice versa in real-time would be immensely beneficial to the Deaf and hard of hearing. Sign language gestures are characterised and expressed by five distinct parameters: hand location; hand orientation; hand shape; hand movement and facial expressions. The aim of this research is to recognise facial expressions and to compare the following feature descriptors: local binary patterns; compound local binary patterns and histogram of oriented gradients in two testing environments, a subset of the BU3D-FE dataset and the CK+ dataset. The overall accuracy, accuracy across facial expression classes, robustness to test subjects, and the ability to generalise of each feature descriptor within the context of automatic facial expression recognition are analysed as part of the comparison procedure. Overall, HOG proved to be a more robust feature descriptor to the LBP and CLBP. Furthermore, the CLBP can generally be considered to be superior to the LBP, but the LBP has greater potential in terms of its ability to generalise.