Biblio

The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications.

In view of the current status of Internet of Things applications and related security problems, the architecture system of Internet of Things applications based on block chain is introduced. First, it introduces the concepts related to blockchain technology, introduces the architecture system of iot application based on blockchain, and discusses its overall architecture design, key technologies and functional structure design. The product embodies the whole process of the Internet of Things platform on the basis of blockchain, which builds an infrastructure based on the Internet of Things and solves the increasingly serious security problems in the Internet of Things through the technical characteristics of decentralization.

In this paper, an effective Advanced Persistent Threat (APT) attack response system was proposed. Reference to the NIST Cyber Security Framework (CRF) was made to present the most cost-effective measures. It has developed a system that detects and responds to real-time AM-HIDS (Anti Malware Host Intrusion Detection System) that monitors abnormal change SW of PCs as a prevention of APT. It has proved that the best government-run security measures are possible to provide an excellent cost-effectiveness environment to prevent APT attacks.

This paper studies the technology of generating DDPG (deep deterministic policy gradient) by using the deep dual network and experience pool network structure, and puts forward the sampling strategy gradient algorithm to randomly select actions according to the learned strategies (action distribution) in the continuous action space, based on the dispatching control system of the power dispatching control center of a super city power grid, According to the actual characteristics and operation needs of urban power grid, The developed refined artificial intelligence on-line security analysis and emergency response plan intelligent generation function realize the emergency response auxiliary decision-making intelligent generation function. According to the hidden danger of overload and overload found in the online safety analysis, the relevant load lines of the equipment are searched automatically. Through the topology automatic analysis, the load transfer mode is searched to eliminate or reduce the overload or overload of the equipment. For a variety of load transfer modes, the evaluation index of the scheme is established, and the optimal load transfer mode is intelligently selected. Based on the D5000 system of Metropolitan power grid, a multi-objective and multi resource coordinated security risk decision-making assistant system is implemented, which provides integrated security early warning and decision support for the main network and distribution network of city power grid. The intelligent level of power grid dispatching management and dispatching operation is improved. The state reality network can analyze the joint state observations from the action reality network, and the state estimation network uses the actor action as the input. In the continuous action space task, DDPG is better than dqn and its convergence speed is faster.

The paper describes a methodology for assessing non-functional requirements, such as trust characteristics for applications running on computationally constrained devices in the Internet of Things. The methodology is demonstrated through an example of a microcontroller-based temperature monitoring system. The concepts of trust and trustworthiness for software and devices of the Internet of Things are complex characteristics for describing the correct and secure operation of such systems and include aspects of operational and information security, reliability, resilience and privacy. Machine learning models, which are increasingly often used for such tasks in recent years, are resource-consuming software implementations. The paper proposes to use a logic circuit model to implement the above algorithms as an additional module for computationally constrained devices for checking the trustworthiness of applications running on them. Such a module could be implemented as a hardware, for example, as an FPGA in order to achieve more effectiveness.

Recommender systems, which aim to suggest personalized lists of items for users, have drawn a lot of attention. In fact, many of these state-of-the-art recommender systems have been built on deep neural networks (DNNs). Recent studies have shown that these deep neural networks are vulnerable to attacks, such as data poisoning, which generate fake users to promote a selected set of items. Correspondingly, effective defense strategies have been developed to detect these generated users with fake profiles. Thus, new strategies of creating more ‘realistic’ user profiles to promote a set of items should be investigated to further understand the vulnerability of DNNs based recommender systems. In this work, we present a novel framework CopyAttack. It is a reinforcement learning based black-box attacking method that harnesses real users from a source domain by copying their profiles into the target domain with the goal of promoting a subset of items. CopyAttack is constructed to both efficiently and effectively learn policy gradient networks that first select, then further refine/craft user profiles from the source domain, and ultimately copy them into the target domain. CopyAttack’s goal is to maximize the hit ratio of the targeted items in the Top-k recommendation list of the users in the target domain. We conducted experiments on two real-world datasets and empirically verified the effectiveness of the proposed framework. The implementation of CopyAttack is available at https://github.com/wenqifan03/CopyAttack.

The Interface to Network Security Functions (I2NSF) Working Group in Internet Engineering Task Force (IETF) provides data models of interfaces to easily configure Network Security Functions (NSF). The Working Group presents a high-level data model and a low-level data model for configuring the NSFs. The high-level data model is used for the users to manipulate the NSFs configuration easily without any security expertise. But the NSFs cannot be configured using the high-level data model as it needs a low-level data model to properly deploy their security operation. For that reason, the I2NSF Framework needs a security policy translator to translate the high-level data model into the corresponding low-level data model. This paper improves the previously proposed Security Policy Translator by adding an Automatic Data Model Mapper. The proposed mapper focuses on the mapping between the elements in the high-level data model and the elements in low-level data model to automate the translation without the need for a security administrator to create a mapping table.

In order to improve the security and reliability of information system and reduce the risk of vulnerability intrusion and attack, an automatic patch installation method of operating systems based on deep learning is proposed, If the installation is successful, the basic information of the system will be returned to the visualization server. If the installation fails, it is recommended to upgrading manually and display it on the patch detection visualization server. Through the practical application of statistical analysis, the statistical results show that the proposed method is significantly better than the original and traditional installation methods, which can effectively avoid the problem of client repeated download, and greatly improve the success rate of patch automatic upgrades. It effectively saves the upgrade cost and ensures the security and reliability of the information system.

Recently, methods are studied to overcome various problems for Named Data Networking(NDN). Among them, a new method which can overcome content storm problem is required to reduce network congestion and deliver content packet to consumer reliably. According to the various studies, the content storm problems could be overcame by scoped interest flooding. However, because these methods do not considers not only network congestion ratio but also the number another different paths, the correspond content packets could be transmitted unnecessary and network congestion could be worse. Therefore, in this paper, we propose a new content forwarding method for NDN to overcome the content storm problem. In the proposed method, if the network is locally congested and another paths are generated, an intermediate node could postpone or withdraw the content packet transmission to reduce congestion.

Speaker verification has been widely and successfully adopted in many mission-critical areas for user identification. The training of speaker verification requires a large amount of data, therefore users usually need to adopt third-party data (e.g., data from the Internet or third-party data company). This raises the question of whether adopting untrusted third-party data can pose a security threat. In this paper, we demonstrate that it is possible to inject the hidden backdoor for infecting speaker verification models by poisoning the training data. Specifically, we design a clustering-based attack scheme where poisoned samples from different clusters will contain different triggers (i.e., pre-defined utterances), based on our understanding of verification tasks. The infected models behave normally on benign samples, while attacker-specified unenrolled triggers will successfully pass the verification even if the attacker has no information about the enrolled speaker. We also demonstrate that existing back-door attacks cannot be directly adopted in attacking speaker verification. Our approach not only provides a new perspective for designing novel attacks, but also serves as a strong baseline for improving the robustness of verification methods. The code for reproducing main results is available at https://github.com/zhaitongqing233/Backdoor-attack-against-speaker-verification.

Human behavior analysis is the process that consists of activity monitoring and behavior recognition and has become the core component of intelligent applications such as security surveillance and fall detection. Generally, the techniques involved in behavior recognition include sensor and vision-based processing. During the process, the activity information is typically required to ensure a good recognition performance. On the other hand, the privacy issue attracts much attention and requires a limited range of activity monitoring accordingly. We study behavior analysis for such privacy-oriented applications. A local object tracking (LOT) technique based on an infrared sensor array is developed in a limited monitoring range and is further realized to a practical bed-exit system in the clinical test environment. The experimental results show a correct recognition rate of 99% for 6 bedside activities. In addition, 89% of participants in a satisfaction survey agree on its effectiveness.

The physical layer secret key generation exploiting wireless channel reciprocity has attracted considerable attention in the past two decades. On-going research have demonstrated its viability in various radio frequency (RF) systems. Most of existing work rely on quantization technique to convert channel measurements into digital binaries that are suitable for secret key generation. However, non-simultaneous packet exchanges in time division duplex systems and noise effects in practice usually create random channel measurements between two users, leading to inconsistent quantization results and mismatched secret bits. While significant efforts were spent in recent research to mitigate such non-reciprocity, no efficient method has been found yet. Unlike existing quantization-based approaches, we take a different viewpoint and perform the secret key agreement by solving a bipartite graph matching problem. Specifically, an efficient dual-permutation secret key generation method, DP-SKG, is developed to match the randomly permuted channel measurements between a pair of users by minimizing their discrepancy holistically. DP-SKG allows two users to generate the same secret key based on the permutation order of channel measurements despite the non-reciprocity over wireless channels. Extensive experimental results show that DP-SKG could achieve error-free key agreement on received signal strength (RSS) with a low cost under various scenarios.

Bitcoin is a virtual encrypted digital currency based on a peer-to-peer network. In recent years, for higher anonymity, more and more Bitcoin users try to use Tor hidden services for identity and location hiding. However, previous studies have shown that Tor are vulnerable to traffic fingerprinting attack, which can identify different websites by identifying traffic patterns using statistical features of traffic. Our work shows that traffic fingerprinting attack is also effective for the Bitcoin hidden nodes detection. In this paper, we proposed a novel lightweight Bitcoin hidden service traffic fingerprinting, using a random decision forest classifier with features from TLS packet size and direction. We test our attack on a novel dataset, including a foreground set of Bitcoin hidden node traffic and a background set of different hidden service websites and various Tor applications traffic. We can detect Bitcoin hidden node from different Tor clients and website hidden services with a precision of 0.989 and a recall of 0.987, which is higher than the previous model.

Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.

With the development of various technologies, the modern industry has been promoted to a new era known as Industry 4.0. Within such paradigm, smart factories are becoming widely recognized as the fundamental concept. These systems generate and exchange vast amounts of privacy-sensitive data, which makes them attractive targets of attacks and unauthorized access. To improve privacy and security within such environments, a more decentralized approach is seen as the solution to allow their longterm growth. Currently, the blockchain technology represents one of the most suitable candidate technologies able to support distributed and secure ecosystem for Industry 4.0 while ensuring reliability, information integrity and access authorization. Blockchain based access control frameworks address encountered challenges regarding the confidentiality, traceability and notarization of access demands and procedures. However significant additional fears are raised about entities' privacy regarding access history and shared policies. In this paper, our main focus is to ensure strong privacy guarantees over the access control related procedures regarding access requester sensitive attributes and shared access control policies. The proposed scheme called PDAMF based on ring signatures adds a privacy layer for hiding sensitive attributes while keeping the verification process transparent and public. Results from a real implementation plus performance evaluation prove the proposed concept and demonstrate its feasibility.

Our identity as a human being is determined by the documents, not by appearance or physicality. The most important thing to prove the identity of humans is to show a government-issued document. Generally, from birth to death humans are recognized by documents because they are born with a birth certificate and they die with a death certificate. The main problem with these documents is that, they can be falsified or manipulated by others. Moreover in this digital era, they are stored in a centralized manner, which is prone to a cyber threat. This study aims to develop a blockchain environment to create, verify, and securely share documents in a decentralized manner. With the help of bigchainDB, interplanetary file system (IPFS), and asymmetric encryption, this research work will prototype the proposed solution called blockchain-based digital locker, which is similar to the DigiLocker released by the Department of Electronics and Information Technology (DeitY), Govt. of India. BigchainDB will help in treating each document as an asset by making it immutable with the help of IPFS and asymmetric encryption, where documents can not only be shared but also verified.

Symbiotic radio (SR) has recently emerged as a promising technology to boost spectrum efficiency of wireless communications by allowing reflective communications underlying the active RF communications. In this paper, we leverage SR to boost physical layer security by using an array of passive reflecting elements constituting the intelligent reflecting surface (IRS), which is reconfigurable to induce diverse RF radiation patterns. In particular, by switching the IRS's phase shifting matrices, we can proactively create dynamic channel conditions, which can be exploited by the transceivers to extract common channel features and thus used to generate secret keys for encrypted data transmissions. As such, we firstly present the design principles for IRS-assisted key generation and verify a performance improvement in terms of the secret key generation rate (KGR). Our analysis reveals that the IRS's random phase shifting may result in a non-uniform channel distribution that limits the KGR. Therefore, to maximize the KGR, we propose both a heuristic scheme and deep reinforcement learning (DRL) to control the switching of the IRS's phase shifting matrices. Simulation results show that the DRL approach for IRS-assisted key generation can significantly improve the KGR.

With the construction of power information network, the power grid has built a security protection system based on boundary protection. However, with the continuous advancement of the construction of the power Internet of Things, a large number of power Internet of Things terminals need to connect to the power information network through the public network, which have an impact on the existing security protection system of the power grid. This article analyzes the characteristics of the border protection model commonly used in network security protection. Aiming at the lack of security protection capabilities of this model, a zero-trust security architecture-based power Internet of Things network security protection model is proposed. Finally, this article analyzes and studies the application of zero trust in the power Internet of Things.

The Controller Area Network (CAN) bus is the de-facto standard for connecting the Electronic Control Units (ECUs) in automobiles. However, there are serious cyber-security risks due to the lack of security mechanisms. In order to mine the vulnerabilities in CAN bus, this paper proposes CAN-FT, a fuzz testing method for automotive CAN bus, which uses a Generative Adversarial Network (GAN) based fuzzy message generation algorithm and the Adaptive Boosting (AdaBoost) based anomaly detection mechanism to capture the abnormal states of CAN bus. Experimental results on a real-world vehicle show that CAN-FT can find vulnerabilities more efficiently and comprehensively.

Distributed denial of service (DDoS) attack is a common way of network attack. It has the characteristics of wide distribution, low cost and difficult defense. The traditional algorithms of machine learning (ML) have such shortcomings as excessive systemic overhead and low accuracy in detection of DDoS. In this paper, a CGAN (conditional generative adversarial networks, conditional GAN) -based method is proposed to detect the attack of DDoS. On off-line training, five features are extracted in order to adapt the input of neural network. On the online recognition, CGAN model is adopted to recognize the packets of DDoS attack. The experimental results demonstrate that our proposed method obtains the better performance than the random forest-based method.

As Edge deployments move closer towards the end devices, low latency communication among Edge aware applications is one of the key tenants of Edge service offerings. In order to simplify application development, service mesh architectures have emerged as the evolutionary architectural paradigms for taking care of bulk of application communication logic such as health checks, circuit breaking, secure communication, resiliency (among others), thereby decoupling application logic with communication infrastructure. The latency to throughput ratio needs to be measurable for high performant deployments at the Edge. Providing benchmark data for various edge deployments with Bare Metal and virtual machine-based scenarios, this paper digs into architectural complexities of deploying service mesh at edge environment, performance impact across north-south and east-west communications in and out of a service mesh leveraging popular open-source service mesh Istio/Envoy using a simple on-prem Kubernetes cluster. The performance results shared indicate performance impact of Kubernetes network stack with Envoy data plane. Microarchitecture analyses indicate bottlenecks in Linux based stacks from a CPU micro-architecture perspective and quantify the high impact of Linux's Iptables rule matching at scale. We conclude with the challenges in multiple areas of profiling and benchmarking requirement and a call to action for deploying a service mesh, in latency sensitive environments at Edge.

Driven by the development of Internet and information technology, cloud computing has been widely recognized and accepted by the public. However, with the occurrence of more and more information leakage, cloud security has also become one of the core problem of cloud computing. As one of the resolve methods of it, ciphertext-policy attribute-based encryption (CP-ABE) by embedding access policy into ciphertext can make data owner to decide which attributes can access ciphertext. It achieves ensuring data confidentiality with realizing fine-grained access control. However, the traditional access policy has some limitations. Compared with other access policies, the circuit-based access policy ABE supports more flexible access control to encrypted data. But there are still many challenges in the existing circuit-based access policy ABE, such as privacy leakage and low efficiency. Motivated by the above, a new circuit-based access policy ABE is proposed. By converting the multi output OR gates in monotonic circuit, the backtracking attacks in circuit access structure is avoided. In order to overcome the low efficiency issued by circuit conversion, outsourcing computing is adopted to Encryption/Decryption algorithms, which makes the computing overhead for data owners and users be decreased and achieve constant level. Security analysis shows that the scheme is secure under the decision bilinear Diffie-Hellman (DBDH) assumption. Numerical results show the proposed scheme has a higher computation efficiency than the other circuit-based schemes.

Based on the third generation neural network spiking neural network, this paper optimizes and improves a classification and coding method, and proposes an image recognition method. Firstly, the read image is converted into a spike sequence, and then the spike sequence is encoded in groups and sent to the neurons in the spike neural network. After learning and training for many times, the quantization standard code is obtained. In this process, the spike sequence transformation matrix and dynamic weight matrix are obtained, and the unclassified data are output through the same matrix for image recognition and classification. Simulation results show that the above methods can get correct coding and preliminary recognition classification, and the spiking neural network can be applied.

Analyzing safety and security requirements remains a difficult task in the development of real-life network protocols. Although numerous modeling and analyzing methods have been proposed in the past decades, most of them handle safety and security requirements separately without considering their interplay. In this work, we propose a collaborative modeling framework that enables co-analysis of safety and security requirements for network protocols. Our modeling framework is based on a well-defined type system and supports modeling of network topology, message flows, protocol behaviors and attacker behaviors. It also supports the specification of safety requirements as temporal logical formulae and typical security requirements as queries, and leverages on the existing verification tools for formal safety and security analysis via model transformations. We have implemented this framework in a prototype tool CMSS, and illustrated the capability of CMSS by using the 5G AKA initialization protocol as a case study.

In order to solve the problem that collaborative filtering recommendation algorithm completely depends on the interactive behavior information of users while ignoring the correlation information between items, this paper introduces a link prediction algorithm based on knowledge graph to integrate ItemCF algorithm. Through the linear weighted fusion of the item similarity matrix obtained by the ItemCF algorithm and the item similarity matrix obtained by the link prediction algorithm, the new fusion matrix is then introduced into ItemCF algorithm. The MovieLens-1M data set is used to verify the KGLP-ItemCF model proposed in this paper, and the experimental results show that the KGLP-ItemCF model effectively improves the precision, recall rate and F1 value. KGLP-ItemCF model effectively solves the problems of sparse data and over-reliance on user interaction information by introducing knowledge graph into ItemCF algorithm.