Biblio

Intrusion Detection systems are important tools in preventing malicious traffic from penetrating into networks and systems. Recently, Intrusion Detection Systems are rapidly enhancing their detection capabilities using machine learning algorithms. However, these algorithms are vulnerable to new unknown types of attacks that can evade machine learning IDS. In particular, they may be vulnerable to attacks based on Generative Adversarial Networks (GAN). GANs have been widely used in domains such as image processing, natural language processing to generate adversarial data of different types such as graphics, videos, texts, etc. We propose a model using GAN to generate adversarial DDoS attacks that can change the attack profile and can be undetected. Our simulation results indicate that by continuous changing of attack profile, defensive systems that use incremental learning will still be vulnerable to new attacks.

In an online social network, users exhibit personal information to enjoy social interaction. The social network provider (SNP) exploits users' information for revenue generation through targeted advertising. The SNP can present ads to proper users efficiently. Therefore, an advertiser is more willing to pay for targeted advertising. However, the over-exploitation of users' information would invade users' privacy, which would negatively impact users' social activeness. Motivated by this, we study the optimal privacy policy of the SNP with targeted advertising business. We characterize the privacy policy in terms of the fraction of users' information that the provider should exploit, and formulate the interactions among users, advertiser, and SNP as a three-stage Stackelberg game. By carefully leveraging supermodularity property, we reveal from the equilibrium analysis that higher information exploitation will discourage users from exhibiting information, lowering the overall amount of exploited information and harming advertising revenue. We further characterize the optimal privacy policy based on the connection between users' information levels and privacy policy. Numerical results reveal some useful insights that the optimal policy can well balance the users' trade-off between social benefit and privacy loss.

Generative Adversarial Network (GAN) has already made a big splash in the field of generating realistic "fake" data. However, when data is distributed and data-holders are reluctant to share data for privacy reasons, GAN's training is difficult. To address this issue, we propose private FL-GAN, a differential privacy generative adversarial network model based on federated learning. By strategically combining the Lipschitz limit with the differential privacy sensitivity, the model can generate high-quality synthetic data without sacrificing the privacy of the training data. We theoretically prove that private FL-GAN can provide strict privacy guarantee with differential privacy, and experimentally demonstrate our model can generate satisfactory data.

DNN models have suffered from adversarial example attacks, which lead to inconsistent prediction results. As opposed to the gradient-based attack, which assumes white-box access to the model by the attacker, we focus on more realistic input perturbations from the real-world and their actual impact on the model robustness without any presence of the attackers. In this work, we promote a standardized framework to quantify the robustness against real-world threats. It is composed of a set of safety properties associated with common violations, a group of metrics to measure the minimal perturbation that causes the offense, and various criteria that reflect different aspects of the model robustness. By revealing comparison results through this framework among 13 pre-trained ImageNet classifiers, three state-of-the-art object detectors, and three cloud-based content moderators, we deliver the status quo of the real-world model robustness. Beyond that, we provide robustness benchmarking datasets for the community.

The long-distance transmission of quantum secret key is a challenge for quantum communication. As far as the current relay technology is concerned, the trusted relay technology is a more practical scheme. However, the trusted relay technology requires every relay node to be trusted, but in practical applications, the security of some relay nodes cannot be guaranteed. How to overcome the security problem of trusted relay technology and realize the security key distribution of remote quantum network has become a new problem. Therefore, in this paper, a method of quantum key distribution in ring network is proposed under the condition of the coexistence of trusted and untrusted repeaters, and proposes a partially-trusted based routing algorithm (PT-RA). This scheme effectively solves the security problem of key distribution in ring backbone network. And simulation results show that PT-RA can significantly improve key distribution success rate compared with the original trusted relay technology.

Pseudorandom bit generators (PRBG) can be designed to take the advantage of some hard number theoretic problems such as the discrete logarithm problem (DLP). Such type of generators will have good randomness and unpredictability properties as it is so difficult to find an easy solution to the regarding mathematical dilemma. Hash functions in turn play a remarkable role in many cryptographic tasks to achieve various security strengths. In this paper, a pseudorandom bit generator mechanism that is based mainly on the elliptic curve discrete logarithm problem (ECDLP) and hash derivation function is proposed. The cryptographic hash functions are used in consuming applications that require various security strengths. In a good hash function, finding whatever the input that can be mapped to any pre-specified output is considered computationally infeasible. The obtained pseudorandom bits are tested with NIST statistical tests and it also could fulfill the up-to-date standards. Moreover, a 256 × 256 grayscale images are encrypted with the obtained pseudorandom bits following by necessary analysis of the cipher images for security prove.

The complexity of building, deploying, and managing cross-organizational enterprise computing services with self-service, security, and quality assurances has been increasing exponentially in the era of hybrid multiclouds. AI-accelerated material discovery capabilities, for example, are desirable for enterprise application users to consume through business API services with assurance of satisfactory nonfunctional properties, e.g., enterprise-compliant self-service management of sharable sensitive data and machine learning capabilities at Internet scale. This paper presents a composable microservices based approach to creating and continuously improving enterprise computing services. Moreover, it elaborates on several key architecture design decisions for Navarch, a composable enterprise microservices fabric that facilitates consuming, managing, and composing enterprise API services. Under service management model of individual administration, every Navarch microservice is a managed composable API service that can be provided by an internal organization, an enterprise partner, or a public service provider. This paper also illustrates a Navarch-enabled systematic and efficient approach to transforming an AI-accelerated material discovery tool into secure, scalable, and composable enterprise microservices. Performance of the microservices can be continuously improved by exploiting advanced heterogeneous microservice hosting infrastructures. Factual comparative performance analyses are provided before the paper concludes with future work.

Tensors, as the multidimensional generalization of matrices, are naturally suited for representing and processing high-dimensional data. To date, tensors have been widely adopted in various data-intensive applications, such as machine learning and big data analysis. However, due to the inherent large-size characteristics of tensors, tensor algorithms, as the approaches that synthesize, transform or decompose tensors, are very computation and storage expensive, thereby hindering the potential further adoptions of tensors in many application scenarios, especially on the resource-constrained hardware platforms. In this paper, we propose a reduced-complexity SVD (Singular Vector Decomposition) scheme, which serves as the key operation in Tucker decomposition. By using iterative self-multiplication, the proposed scheme can significantly reduce the storage and computational costs of SVD, thereby reducing the complexity of the overall process. Then, corresponding hardware architecture is developed with 28nm CMOS technology. Our synthesized design can achieve 102GOPS with 1.09 mm2 area and 37.6 mW power consumption, and thereby providing a promising solution for accelerating Tucker decomposition.

A approach to research on the attack mechanism designs through attack surface technology due to the complexity of the attack mechanism. The attack mechanism of a mimic architecture is analyzed in a relative way using attack surface metrics to indicate whether mimic architectures are safer than non-mimic architectures. The definition of the architectures attack surface in terms of the mimic brackets along three abstract dimensions referenced the system attack surface. The larger the attack surface, the more likely the architecture will be attacked.

Based on the analysis of cluster supply chain risk characteristics, starting from the analysis of technical risk dimensions, information risk dimensions, human risk dimensions, and capital risk dimensions, a cluster supply chain risk severity assessment index system is designed. The fuzzy C-means clustering algorithm based on data flow is used to cluster each supply chain, analyze the risk severity of the supply chain, and evaluate the decision of the supply chain risk severity level based on the cluster weights and cluster center range. Based on the analytic hierarchy process, the risk severity of the entire clustered supply chain is made an early warning decision, and the clustered supply chain risk severity early warning level is obtained. The results of simulation experiments verify the feasibility of the decision method for cluster supply chain risk severity, and improve the theoretical support for cluster supply chain risk severity prediction.

Semantic metadata is an important means to promote the integration of information and services and improve the level of search and discovery automation. Aiming at the problems that machine is difficult to handle service metadata description and lack of information metadata description in current SWIM information services, this paper analyzes the methods of metadata sematic empowerment and mainstream semantic metadata standards related to air traffic control system, constructs the SWIM information, and service sematic metadata model based on semantic expansion. The method of semantic metadata model mapping is given from two aspects of service and data, which can be used to improve the level of information sharing and intelligent processing.

Electronic crimes like data breaches in healthcare systems are often a fundamental failures of access control mechanisms. Most of current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.

Computing capabilities such as real time data, unlimited connection, data from sensors, environmental analysis, automated decisions (machine learning) are demanded by many areas like industry for example decision making, machine learning, by research and military, for example GPS, sensor data collection. The possibility to make these features compatible with each domain that demands them is known as ubiquitous computing. Ubiquitous computing includes network topologies such as wireless sensor networks (WSN) which can help further improving the existing communication, for example the Internet. Also, ubiquitous computing is included in the Internet of Things (IoT) applications. In this article, it is discussed the mobility of WSN and its advantages and innovations, which make possible implementations for smart home and office. Knowing the growing number of mobile users, we place the mobile phone as the key factor of the future ubiquitous wireless networks. With secure computing, communicating, and storage capacities of mobile devices, they can be taken advantage of in terms of architecture in the sense of scalability, energy efficiency, packet delay, etc. Our work targets to present a structure from a ubiquitous computing point of view for researchers who have an interest in ubiquitous computing and want to research on the analysis, to implement a novel method structure for the ubiquitous computing system in military sectors. Also, this paper presents security and privacy issues in ubiquitous sensor networks (USN).

The transmission line tower is affected by the surface subsidence in the mined out area of coal mine, which will appear the phenomenon of subsidence, inclination and even tower collapse, threatening the operation safety of the transmission line tower in the mined out area. Therefore, a Safety and Damage Assessment Method of Transmission Line Tower in Goaf Based on Artificial Intelligence is proposed. Firstly, the geometric model of the coal seam in the goaf and the structural reliability model of the transmission line tower are constructed to evaluate the safety. Then, the random forest algorithm in artificial intelligence is used to evaluate the damage of the tower, so as to take protective measures in time. Finally, a finite element simulation model of tower foundation interaction is built, and its safety (force) and damage identification are experimentally analyzed. The results show that the proposed method can ensure high accuracy of damage assessment and reliable judgment of transmission line tower safety within the allowable error.

Visible light communication (VLC) is a promising technique in the fifth and beyond wireless communication networks. In this paper, a secure multiple-input single-output VLC network is studied, where simultaneous lightwave information and power transfer (SLIPT) is exploited to support energy-limited devices taking into account a practical non-linear energy harvesting model. Specifically, the optimal beamforming design problems for minimizing transmit power and maximizing the minimum secrecy rate are studied under the imperfect channel state information (CSI). S-Procedure and a bisection search is applied to tackle challenging non-convex problems and to obtain efficient resource allocation algorithm. It is proved that optimal beamforming schemes can be obtained. It is found that there is a non-trivial trade-off between the average harvested power and the minimum secrecy rate. Moreover, we show that the quality of CSI has a significant impact on achievable performance.

Open wireless channels make a wireless ad hoc network vulnerable to various security attacks, so it is crucial to design a routing protocol that can defend against the attacks of malicious nodes. In this paper, we first measure the trust value calculated by the node behavior in a period to judge whether the node is trusted, and then combine other QoS requirements as the routing metrics to design a secure routing approach. Moreover, we propose a deep learning-based model to learn the routing environment repeatedly from the data sets of packet flow and corresponding optimal paths. Then, when a new packet flow is input, the model can output a link set that satisfies the node's QoS and trust requirements directly, and therefore the optimal path of the packet flow can be obtained. The extensive simulation results show that compared with the traditional optimization-based method, our proposed deep learning-based approach cannot only guarantee more than 90% accuracy, but also significantly improves the computation time.

This study presents an open standards-based information system supporting democratisation and consumer empowerment through flexibility activation. This study describes a functional technical reference infrastructure: a secure, standard-based and viable communication backbone for flexibility activation. The infrastructure allows connection, registering, activation and reporting for different types of granular consumer flexibility. The flexibility sources can be directly controllable set points of chargers and stationary batteries, as well as controllable loads. The proposed communication system sees all these flexibility provisions as distributed energy resources in a wider sense, and the architecture allows consumer-level integration of different energy systems. This makes new flexibility sources fully available to the balancing responsible entities in a viable and realistically implementable manner. The proposed reference architecture, as implemented in the FLEXCoop project, relies on established open standards as it is based on the Open Automated Demand Response (OpenADR) and OAuth2/OpenID standards and the corresponding IEC 62746-10 standard, and it covers interfacing towards other relevant standards. The security and access implications are addressed by the OpenID security layer built on top of the OAuth2 and integrated with the OpenADR standard. To address the data protection and privacy aspects, the architecture is designed on the least knowledge principle.

Bring Your Own Device (BYOD) is a new trend where employees use their personal devices to connect to their organization networks to access sensitive information and work-related systems. One of the primary challenges in BYOD is to securely delete company data when an employee leaves an organization. In common BYOD programs, the personal device in use is completely wiped out. This may lead to the deletion of personal data during exit procedures. Due to performance and deletion latency, erasure of data in most file systems today results in unlinking the file location and marking data blocks as unused. This may suffice the need of a normal user trying to delete unwanted files but the file content is not erased from the data blocks and can be retrieved with the help of various data recovery and forensic tools. In this paper, we discuss: (1) existing work related to secure deletion, and (2) secure and selective deletion methods that delete only the required files or directories without tampering personal data. We present two per-file deletion methods: Overwriting data and Encryption based deletion which erase specific files securely. Our proposed per-file deletion methods reduce latency and performance overheads caused by overwriting an entire disk.

A secure-enhanced scheme based on deoxyribonucleic acid (DNA) encoding encryption and probabilistic shaping (PS) is proposed. Experimental results verify the superiority of our proposed scheme in the achievement of security and power gain. © 2020 The Author(s).

Deep learning is becoming a basis of decision making systems in many application domains, such as autonomous vehicles, health systems, etc., where the risk of misclassification can lead to serious consequences. It is necessary to know to which extent are Deep Neural Networks (DNNs) robust against various types of adversarial conditions. In this paper, we experimentally evaluate DNNs implemented in embedded device by using laser fault injection, a physical attack technique that is mostly used in security and reliability communities to test robustness of various systems. We show practical results on four activation functions, ReLu, softmax, sigmoid, and tanh. Our results point out the misclassification possibilities for DNNs achieved by injecting faults into the hidden layers of the network. We evaluate DNNs by using several different attack strategies to show which are the most efficient in terms of misclassification success rates. Outcomes of this work should be taken into account when deploying devices running DNNs in environments where malicious attacker could tamper with the environmental parameters that would bring the device into unstable conditions. resulting into faults.

With the rapid development of smart grids and the continuous deepening of informatization, while realizing remote telemetry and remote control of massive data-based grid operation, electricity information network security problems have become more serious and prominent. A method for electricity information network security situation prediction method based on improved deep belief network is proposed in this paper. Firstly, the affinity propagation clustering algorithm is used to determine the depth of the deep belief network and the number of hidden layer nodes based on sample parameters. Secondly, continuously adjust the scaling factor and crossover probability in the differential evolution algorithm according to the population similarity. Finally, a chaotic search method is used to perform a second search for the best individuals and similarity centers of each generation of the population. Simulation experiments show that the proposed algorithm not only enhances the generalization ability of electricity information network security situation prediction, but also has higher prediction accuracy.

Cloud computing provides an appearing application for compelling vision in managing big-data files and responding queries over a distributed cloud platform. To overcome privacy revealing risks, sensitive documents and private data are usually stored in the clouds in a cipher-based manner. However, it is inefficient to search the data in traditional encryption systems. Searchable encryption is a useful cryptographic primitive to enable users to retrieve data in ciphertexts. However, the traditional searchable encryptions provide lower search efficiency and cannot carry out fuzzy multikeyword queries. To solve this issue, in this article, we propose a searchable encryption that supports privacy-preserving fuzzy multikeyword search (SE-PPFM) in cloud systems, which is built by asymmetric scalar-product-preserving encryptions and Hadamard product operations. In order to realize the functionality of efficient fuzzy searches, we employ Word2vec as the primitive of machine learning to obtain a fuzzy correlation score between encrypted data and queries predicates. We analyze and evaluate the performance in terms of token of multikeyword, retrieval and match time, file retrieval time and matching accuracy, etc. The experimental results show that our scheme can achieve a higher efficiency in fuzzy multikeyword ciphertext search and provide a higher accuracy in retrieving and matching procedure.

With the development of the Internet, the amount of information on the Internet is increasing rapidly, which makes it difficult for people to select the information they really want. A recommendation system is an effective way to solve this problem. Fake users can be injected by criminals to attack the recommendation system; therefore, accurate identification of fake users is a necessary feature of the recommendation system. Existing fake user detection algorithms focus on designing recognition methods for different types of attacks and have limited detection capabilities against unknown or hybrid attacks. The use of deep learning models can automate the extraction of false user scoring features, but neural network models are not applicable to discrete user scoring data. In this paper, random walking is used to rearrange the otherwise discrete user rating data into a rating feature matrix with spatial continuity. The rating data and the text data have some similarity in the distribution mode. By effective analogy, the TextCNN model originally used in NLP domain can be improved and applied to the classification task of rating feature matrix. Combining the ideas of random walking and word vector processing, this paper proposes a TextCNN detection model for user rating data. To verify the validity of the proposed model, the model is tested on MoiveLens dataset against 7 different attack detection algorithms, and exhibits better performance when compared with 4 attack detection algorithms. Especially for the Aop attack, the proposed model has nearly 100% detection performance with F1 - value as the evaluation index.

When using deep learning for DDoS attack detection, there is a general degradation in detection performance due to small sample size. This paper proposes a small-sample DDoS attack detection method based on deep transfer learning. First, deep learning techniques are used to train several neural networks that can be used for transfer in DDoS attacks with sufficient samples. Then we design a transferability metric to compare the transfer performance of different networks. With this metric, the network with the best transfer performance can be selected among the four networks. Then for a small sample of DDoS attacks, this paper demonstrates that the deep learning detection technique brings deterioration in performance, with the detection performance dropping from 99.28% to 67%. Finally, we end up with a 20.8% improvement in detection performance by deep transfer of the 8LANN network in the target domain. The experiment shows that the detection method based on deep transfer learning proposed in this paper can well improve the performance deterioration of deep learning techniques for small sample DDoS attack detection.

Series DC electric springs (DCESs) are a state-of-the-art demand-side management (DSM) technology with the capability to reduce energy storage requirements of DC microgrids by manipulating the power of non-critical loads (NCLs). As the stability of DC microgrids is highly prone to dynamic interactions between the system active and passive components, this study intends to conduct a comprehensive small-signal stability analysis of a community DC microgrid integrated with distributed DCESs considering the effect of destabilizing constant power loads (CPLs). For this purpose, after deriving the small-signal model of a DCES-integrated microgrid, the sensitivity of the system dominant frequency modes to variations of various physical and control parameters is evaluated by means of eigenvalue analysis. Next, an active damping control method based on virtual RC parallel impedance is proposed for series DCESs to compensate for their slow dynamic response and to provide a dynamic stabilization function within the microgrid. Furthermore, impedance-based stability analysis is utilized to study the DC microgrid expandability in terms of integration with multiple DCESs. Finally, several case studies are presented to verify analytical findings of the paper and to evaluate the dynamic performance of the DC microgrid.