Biblio

Effective information security risk management is essential for survival of any business that is dependent on IT. In this paper we present an efficient and effective solution to find best parameters for managing cyber risks using artificial intelligence. Genetic algorithm is use as it can provide our required optimization and intelligence. Results show that GA is professional in finding the best parameters and minimizing the risk.

Nowadays, smart cities (SCs) use technologies and different types of data collected to improve the lifestyles of their citizens. Indeed, connected smart vehicles are technologies used for an SC’s intelligent traffic monitoring systems (ITMSs). However, most proposed monitoring approaches do not consider realtime monitoring. This paper presents real-time data processing for an intelligent traffic monitoring dashboard using the Hadoop ecosystem dashboard components. Many data are available due to our proposed monitoring approach, such as the total number of vehicles on different routes and data on trucks within a radius (10KM) of a specific point given. Based on our generated data, we can make real-time decisions to improve circulation and optimize traffic flow.

XAI with natural language processing aims to produce human-readable explanations as evidence for AI decision-making, which addresses explainability and transparency. However, from an HCI perspective, the current approaches only focus on delivering a single explanation, which fails to account for the diversity of human thoughts and experiences in language. This paper thus addresses this gap, by proposing a generative XAI framework, INTERACTION (explain aNd predicT thEn queRy with contextuAl CondiTional varIational autO-eNcoder). Our novel framework presents explanation in two steps: (step one) Explanation and Label Prediction; and (step two) Diverse Evidence Generation. We conduct intensive experiments with the Transformer architecture on a benchmark dataset, e-SNLI [1]. Our method achieves competitive or better performance against state-of-the-art baseline models on explanation generation (up to 4.7% gain in BLEU) and prediction (up to 4.4% gain in accuracy) in step one; it can also generate multiple diverse explanations in step two.

Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.

In financial markets such as stock markets, securities are traded at a price where supply equals demand. Behind the impediments to the short-selling of stock, most participants in the stock market are buyers, so trades are more probable at higher prices than in situations without such restrictions. However, the order imbalance that occurs when buy orders exceed sell orders can change due to many factors. Hence, it is insufficient to discuss the effects of order imbalance caused by impediments to short-selling on the stock price only through empirical studies. Our study used an artificial market to investigate the effects on traded price and quantity of limit orders. The simulation results revealed that the order imbalance when buy orders exceed sell orders increases the traded price and results in fewer quantities of limit sell orders than limit buy orders. In particular, when the sell/buy ratio of the order imbalance model is less than or equal to 0.9, the limit sell/buy ratio becomes lower than that. Lastly, we investigated the mechanisms of the effects on traded price and quantity of limit orders.

Recent concepts in defense herald an increasing degree of automation of future military systems, with an emphasis on accelerating sensing-to-decision loops at the tactical edge, reducing their network communication footprint, and improving the inference quality of intelligent components in the loop. These requirements pose resource management challenges, calling for operating-system-like constructs that optimize the use of limited computational resources at the tactical edge. This paper describes these challenges and presents IoBT-OS, an operating system for the Internet of Battlefield Things that aims to optimize decision latency, improve decision accuracy, and reduce corresponding resource demands on computational and network components. A simple case-study with initial evaluation results is shown from a target tracking application scenario.

The compressed sensing (CS) method can reconstruct images with a small amount of under-sampling data, which is an effective method for fast magnetic resonance imaging (MRI). As the traditional optimization-based models for MRI suffered from non-adaptive sampling and shallow” representation ability, they were unable to characterize the rich patterns in MRI data. In this paper, we propose a CS MRI method based on iterative shrinkage threshold algorithm (ISTA) and adaptive sparse sampling, called DSLS-ISTA-Net. Corresponding to the sampling and reconstruction of the CS method, the network framework includes two folders: the sampling sub-network and the improved ISTA reconstruction sub-network which are coordinated with each other through end-to-end training in an unsupervised way. The sampling sub-network and ISTA reconstruction sub-network are responsible for the implementation of adaptive sparse sampling and deep sparse representation respectively. In the testing phase, we investigate different modules and parameters in the network structure, and perform extensive experiments on MR images at different sampling rates to obtain the optimal network. Due to the combination of the advantages of the model-based method and the deep learning-based method in this method, and taking both adaptive sampling and deep sparse representation into account, the proposed networks significantly improve the reconstruction performance compared to the art-of-state CS-MRI approaches.

Low-frequency oscillation (LFO) is a security and stability issue that the power system focuses on, measurement data play an important role in online monitoring and analysis of low-frequency oscillation parameters. Aiming at the problem that the measurement data containing noise affects the accuracy of modal parameter identification, a VMD-SSI modal identification algorithm is proposed, which uses the variational modal decomposition algorithm (VMD) for noise reduction combined with the stochastic subspace algorithm for identification. The VMD algorithm decomposes and reconstructs the initial signal with certain noise, and filters out the noise signal. Then, the optimized signal is input into stochastic subspace identification algorithm(SSI), the modal parameters is obtained. Simulation of a three-machine ninenode system verifies that the VMD-SSI mode identification algorithm has good anti-noise performance.

In the recent development of the online cryptocurrency mining platform, Coinhive, numerous websites have employed “Cryptojacking.” They may need the unauthorized use of CPU resources to mine cryptocurrency and replace advertising income. Web cryptojacking technologies are the most recent attack in information security. Security teams have suggested blocking Cryptojacking scripts by using a blacklist as a strategy. However, the updating procedure of the static blacklist has not been able to promptly safeguard consumers because of the sharp rise in “Cryptojacking kidnapping”. Therefore, we propose a Cryptojacking identification technique based on analyzing the user's computer resources to combat the assault technology known as “Cryptojacking kidnapping.” Machine learning techniques are used to monitor changes in computer resources such as CPU changes. The experiment results indicate that this method is more accurate than the blacklist system and, in contrast to the blacklist system, manually updates the blacklist regularly. The misuse of online Cryptojacking programs and the unlawful hijacking of users' machines for Cryptojacking are becoming worse. In the future, information security undoubtedly addresses the issue of how to prevent Cryptojacking and abduction. The result of this study helps to save individuals from unintentionally becoming miners.

Contrary to previous opinion, ‘frost shattering’ is not the only major contributor to rock weathering at mid latitudes and high elevations, more specifically along edges of bedrock escarpments. Lightning is also a significant contributor to land surface denudation. We can show this as lightning strikes on outcrops can dramatically alter the magnetic signature of rocks and is one of the main sources of noise in paleomagnetic studies. Igneous rocks in the highlands of Lesotho, southern Africa (\textgreater 3000 m elevation) provide an ideal study location, as flow lavas remain as prominent ridges that are relatively resistant to weathering. It is well known that lightning strikes can cause large remanent magnetization in rocks with little resultant variation in susceptibility. At two adjoining peaks in the Lesotho highlands, mapped freshly fractured rock correlates with areas of high magnetic intensity (remanent component), but little variation in susceptibility (related to the induced field), and is therefore a clear indicator of lightning damage. The majority of these mapped strike sites occur at the edges of topographic highs. Variations in magnetic intensity are correlated with the much lower resolution national lightning strikes dataset. These data confirm that high elevation edges of peak scarps are the focus of previous lightning strikes. This method of magnetic surveying compared with lightning strike data is a new method of confirming the locations of lightning strikes, and reduces the need for intensive paleomagnetic studies of the area to confirm remanence.

The growing amount of data and advances in data science have created a need for a new kind of cloud platform that provides users with flexibility, strong security, and the ability to couple with supercomputers and edge devices through high-performance networks. We have built such a nation-wide cloud platform, called "mdx" to meet this need. The mdx platform's virtualization service, jointly operated by 9 national universities and 2 national research institutes in Japan, launched in 2021, and more features are in development. Currently mdx is used by researchers in a wide variety of domains, including materials informatics, geo-spatial information science, life science, astronomical science, economics, social science, and computer science. This paper provides an overview of the mdx platform, details the motivation for its development, reports its current status, and outlines its future plans.

In this paper, we deal with the resilient consensus problem in networked control systems in which a group of agents are interacting with each other. A min-max-based resilient consensus algorithm has been proposed to help normal agents reach an agreement upon their state values in the presence of misbehaving ones. It is shown that the use of the developed algorithm will result in less computational load and fast convergence. Both synchronous and asynchronous update schemes for the network have been studied. Finally, the effectiveness of the proposed algorithm has been evaluated through numerical examples.

Information leaks are a top concern to industry and government leaders. The Internet of Things (IoT) is a rapidly growing technology capable of sensing real-world events. IoT devices lack a common security standard and typically use lightweight security solutions, exposing the sensitive real-world data they gather. Covert channels are a practical method of exfiltrating data from these devices.This research presents a novel IoT covert timing channel (CTC) that encodes data within preexisting network information, namely ports or addresses. This method eliminates the need for inter-packet delays (IPD) to encode data. Seven different encoding methods are implemented between two IoT protocols, TCP/IP and ZigBee. The TCP/IP covert channel is created by mimicking a Ring smart doorbell and implemented using Amazon Web Services (AWS) servers to generate traffic. The ZigBee channel is built by copying a Philips Hue lighting system and executed on an isolated local area network (LAN). Variants of the CTC focus either on Stealth or Bandwidth. Stealth methods mimic legitimate traffic captures to make them difficult to detect while the Bandwidth methods forgo this approach for maximum throughput. Detection results are presented using shape-based and regularity-based detection tests.The Stealth results have a throughput of 4.61 bits per second (bps) for TCP/IP and 3.90 bps for ZigBee. They also evade shape and regularity-based detection tests. The Bandwidth methods average 81.7 Kbps for TCP/IP and 9.76 bps for ZigBee but are evident in detection tests. The results show that CTC using address or port encoding can have superior throughput or detectability compared to IPD-based CTCs.

The safety of the power system is inherently vital, due to the high risk of the electronic power system. In the wave of digitization in recent years, many power systems have been digitized to a certain extent. Under this circumstance, network security is particularly important, in order to ensure the normal operation of the power system. However, with the development of the Internet, network security issues are becoming more and more serious. Among all kinds of network attacks, the Distributed Denial of Service (DDoS) is a major threat. Once, attackers used huge volumes of traffic in short time to bring down the victim server. Now some attackers just use low volumes of traffic but for a long time to create trouble for attack detection. There are many methods for DDoS detection, but no one can fully detect it because of the huge volumes of traffic. In order to better detect DDoS and make sure the safety of electronic power system, we propose a novel detection method based on neural network. The proposed model and its service are deployed to the edge cloud, which can improve the real-time performance for detection. The experiment results show that our model can detect attacks well and has good real-time performance.

In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.

Most existing deep neural networks (DNNs) are inexplicable and fragile, which can be easily deceived by carefully designed adversarial example with tiny undetectable noise. This allows attackers to cause serious consequences in many DNN-assisted scenarios without human perception. In the field of speaker recognition, the attack for speaker recognition system has been relatively mature. Most works focus on white-box attacks that assume the information of the DNN is obtainable, and only a few works study gray-box attacks. In this paper, we study blackbox attacks on the speaker recognition system, which can be applied in the real world since we do not need to know the system information. By combining the idea of transferable attack and query attack, our proposed method NMI-FGSM-Tri can achieve the targeted goal by misleading the system to recognize any audio as a registered person. Specifically, our method combines the Nesterov accelerated gradient (NAG), the ensemble attack and the restart trigger to design an attack method that generates the adversarial audios with good performance to attack blackbox DNNs. The experimental results show that the effect of the proposed method is superior to the extant methods, and the attack success rate can reach as high as 94.8% even if only one query is allowed.

A novel secure physical layer key generation method for Connected and Autonomous Vehicles (CAVs) against an attacker is proposed under fading and Additive White Gaussian Noise (AWGN). In the proposed method, a random sequence key is added to the demodulated sequence to generate a unique pre-shared key (PSK) to enhance security. Extensive computer simulation results proved that an attacker cannot extract the same legitimate PSK generated by the received vehicle even if identical fading and AWGN parameters are used both for the legitimate vehicle and attacker.

Middlebox is primarily used in Software-Defined Network (SDN) to enhance operational performance, policy compliance, and security operations. Therefore, security of the middlebox itself is essential because incorrect use of the middlebox can cause severe cybersecurity problems for SDN. Existing attacks against middleboxes in SDN (for instance, middleboxbypass attack) use methods such as cloned tags from the previous packets to justify that the middlebox has processed the injected packet. Flowcloak as the latest solution to defeat such an attack creates a defence using a tag by computing the hash of certain parts of the packet header. However, the security mechanisms proposed to mitigate these attacks are compromise-able since all parts of the packet header can be imitated, leaving the middleboxes insecure. To demonstrate our claim, we introduce a novel attack against SDN middleboxes by hijacking TCP/IP headers. The attack uses crafted TCP/IP headers to receive the tags and signatures and successfully bypasses the middleboxes.

Hash-based data structures and algorithms are currently flourishing on the Internet. It is an effective way to store large amounts of information, especially for applications related to measurement, monitoring and security. At present, there are many hash table algorithms such as: Cuckoo Hash, Peacock Hash, Double Hash, Link Hash and D-left Hash algorithm. However, there are still some problems in these hash table algorithms, such as excessive memory space, long insertion and query operations, and insertion failures caused by infinite loops that require rehashing. This paper improves the kick-out mechanism of the Cuckoo Hash algorithm, and proposes a new hash table structure- Odd-Even Hash (OE Hash) algorithm. The experimental results show that OE Hash algorithm is more efficient than the existing Link Hash algorithm, Linear Hash algorithm, Cuckoo Hash algorithm, etc. OE Hash algorithm takes into account the performance of both query time and insertion time while occupying the least space, and there is no insertion failure that leads to rehashing, which is suitable for massive data storage.

In recent years, the design of anomaly detectors has attracted a tremendous surge of interest due to security issues in industrial control systems (ICS). Restricted by hardware resources, most anomaly detectors can only be deployed at the remote monitoring ends, far away from the control sites, which brings potential threats to anomaly detection. In this paper, we propose an active real-time anomaly detection framework deployed in the controller of OpenPLC, which is a standardized open-source PLC and has high scalability. Specifically, we add adaptive active noises to control signals, and then identify a linear dynamic system model of the plant offline and implement it in the controller. Finally, we design two filters to process the estimated residuals based on the obtained model and use χ2 detector for anomaly detection. Extensive experiments are conducted on an industrial control virtual platform to show the effectiveness of the proposed detection framework.

With the progress of cryptography computer science, designing cryptographic algorithms using deep learning is a very innovative research direction. Google Brain designed a communication model using generation adversarial network and explored the encrypted communication algorithm based on machine learning. However, the encrypted communication model it designed lacks quantitative evaluation. When some plaintexts and keys are leaked at the same time, the security of communication cannot be guaranteed. This model is optimized to enhance the security by adjusting the optimizer, modifying the activation function, and increasing batch normalization to improve communication speed of optimization. Experiments were performed on 16 bits and 64 bits plaintexts communication. With plaintext and key leak rate of 0.75, the decryption error rate of the decryptor is 0.01 and the attacker can't guess any valid information about the communication.

Many organizations use internal phishing campaigns to gauge awareness and coordinate training efforts based on those findings. Ongoing content design is important for phishing training tools due to the influence recency has on phishing susceptibility. Traditional approaches for content development require significant investment and can be prohibitively costly, especially during the requirements engineering phase of software development and for applications that are constantly evolving. While prior research primarily depends upon already known phishing cues curated by experts, our project, Phish Finders, uses crowdsourcing to explore phishing cues through the unique perspectives and thought processes of everyday users in a realistic yet safe online environment, Zooniverse. This paper contributes qualitative analysis of crowdsourced comments that identifies novel cues, such as formatting and typography, which were identified by the crowd as potential phishing indicators. The paper also shows that crowdsourcing may have the potential to scale as a requirements engineering approach to meet the needs of content labeling for improved training tool development.

This paper presents a physically-secure wireless communication system utilizing orbital angular momentum (OAM) waves at 0.31THz. A trustworthy key distribution mechanism for symmetric key cryptography is proposed by exploiting random hopping among the orthogonal OAM-wave modes and phases. Keccak-f[400] based pseudorandom number generator provides randomness to phase distribution of OAM-wave modes for additional security. We assess the security vulnerabilities of using OAM modulation in a THz communication system under various physical-layer threat models as well as analyze the effectiveness of these threat models for varying attacker complexity levels under different conditions.

The Manufacturer Usage Description (MUD) standard aims to reduce the attack surface for IoT devices by locking down their behavior to a formally-specified set of network flows (access control entries). Formal network behaviors can also be systematically and rigorously verified in any operating environment. Enforcing MUD flows and monitoring their activity in real-time can be relatively effective in securing IoT devices; however, its scope is limited to endpoints (domain names and IP addresses) and transport-layer protocols and services. Therefore, misconfigured or compromised IoTs may conform to their MUD-specified behavior but exchange unintended (or even malicious) contents across those flows. This paper develops PicP-MUD with the aim to profile the information content of packet payloads (whether unencrypted, encoded, or encrypted) in each MUD flow of an IoT device. That way, certain tasks like cyber-risk analysis, change detection, or selective deep packet inspection can be performed in a more systematic manner. Our contributions are twofold: (1) We analyze over 123K network flows of 6 transparent (e.g., HTTP), 11 encrypted (e.g., TLS), and 7 encoded (e.g., RTP) protocols, collected in our lab and obtained from public datasets, to identify 17 statistical features of their application payload, helping us distinguish different content types; and (2) We develop and evaluate PicP-MUD using a machine learning model, and show how we achieve an average accuracy of 99% in predicting the content type of a flow.

Recent trends in the convergence of edge computing and artificial intelligence (AI) have led to a new paradigm of “edge intelligence”, which are more vulnerable to attack such as data and model poisoning and evasion of attacks. This paper proposes a white-box poisoning attack against online regression model for edge intelligence environment, which aim to prepare the protection methods in the future. Firstly, the new method selects data points from original stream with maximum loss by two selection strategies; Secondly, it pollutes these points with gradient ascent strategy. At last, it injects polluted points into original stream being sent to target model to complete the attack process. We extensively evaluate our proposed attack on open dataset, the results of which demonstrate the effectiveness of the novel attack method and the real implications of poisoning attack in a case study electric energy prediction application.