Biblio

This article provides an overview of the security of VANET, which is a vehicle network. When reviewing this topic, publications of various researchers were considered. The article provides information security requirements for VANET, an overview of security research, an overview of existing attacks, methods for detecting attacks and appropriate countermeasures against such threats.

Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.

Wireless Sensor Networks (WSN) have assisted applications of multi-agent system. Abundant sensor nodes, densely distributed around a base station (BS), collect data and transmit to BS node for data analysis. The concept of cluster has been emerged as the efficient communication structure in resource-constrained environment. However, the security still remains a major concern due to the vulnerability of sensor nodes. In this paper, we propose a percolation-based secure routing protocol. We leverage the trust score composed of three indexes to select cluster heads (CH) for unevenly distributed clusters. By considering the reliability, centrality and stability, legitimate nodes with social trust and adequate energy are chosen to provide relay service. Moreover, we design a multi-path inter-cluster routing protocol to construct CH chains for directed inter-cluster data transmission based on the percolation. And the measurement of transit score for on-path CH nodes contributes to load balancing and security. Our simulation results show that our protocol is able to guarantee the security to improve the delivery ratio and packets delay.

Inertial Confinement Fusion(ICF) uses the inertia of the substance itself to confine the nest-temperature thermonuclear fuel plasma to achieve thermonuclear fusion and obtain fusion energy. In the design of the local-volume ignition target capsule, the ignition zone and the main combustion zone are separated by heavy medium. The ignition zone is located in the center of the system (the part of the fusion combustion). The mass is small and can be compressed to high density and the overall temperature is raised to the ignition state (local-volume ignition). The temperature increase and density increase of the local volume ignition are relatively decoupled in time. The multi-step enhanced shock wave heats the fuel temperature drop, after which the collision effect accelerates the metal shell layer by layer, and uses the inertia of high-Z metal shell with a larger residual mass to achieve effective compression of the fuel areal after the driving source ends for a long time. Local volume ignition has the advantages of no need to reshape the radiation driving pulse, resistance to the influence of hot electrons, less demanding compression symmetry, and large combustion gain.

The high maneuverability of the unmanned aerial vehicle (UAV), facilitating fast and flexible deployment of communication infrastructures, brings potentially valuable opportunities to the future wireless communication industry. Nevertheless, UAV communication networks are faced with severe security challenges since air to ground (A2G) communications are more vulnerable to eavesdropping attacks than terrestrial communications. To solve the problem, we propose a coding scheme that hierarchically utilizes polar codes in order to address channel multi-state variation for UAV wiretap channels, without the instantaneous channel state information (CSI) known at the transmitter. The theoretical analysis and simulation results show that the scheme achieves the security capacity of the channel and meets the conditions of reliability and security.

For the huge charging demands of numerous electric vehicles (EVs), coordinated charging is increasing in power grid. However, since connected with public networks, the coordinated charging control system is in a low-level cyber security and greatly vulnerable to malicious attacks. This paper investigates the malicious mode attack (MMA), which is a new cyber-attack pattern that simultaneously attacks massive EV charging piles to generate continuous sinusoidal power disturbance with the same frequency as the poorly-damped wide-area electromechanical mode. Thereby, high amplitude forced oscillations are stimulated by MMA, which seriously threats the stability of power systems and the power supply of charging stations. The potential threat of MMA is clarified by investigating the vulnerability of the IoT-based coordinated charging load control system, and an MMA process like Mirai is pointed out as an example. An MMA model is established for impact analysis. A hardware test platform is built for the verification of the MMA model. Test result verified the existence of MMA and the accuracy of the MMA model.

There is an increase in interest and necessity for an interoperable and efficient railway network across Europe, creating a key distribution problem between train and trackside entities’ key management centres (KMC). Train and trackside entities establish a secure session using symmetric keys (KMAC) loaded beforehand by their respective KMC using procedures that are not scalable and prone to operational mistakes. A single system would simplify the KMAC distribution between KMCs; nevertheless, it is difficult to place the responsibility for such a system for the whole European area within one central organization. A single system could also expose relationships between KMCs, revealing information, such as plans to use an alternative route or serve a new region, jeopardizing competitive advantage. This paper proposes a scalable and decentralised key management system that allows KMC to share cryptographic keys using transactions while keeping relationships anonymous. Using non-interactive proofs of knowledge and assigning each entity a private and public key, private key owners can issue valid transactions while all system actors can validate them. Our performance analysis shows that the proposed system is scalable when a proof of concept is implemented with settings close to the expected railway landscape in 2030.

Cloud computing solutions enable Cyber-Physical Systems (CPSs) to utilize significant computational resources and implement sophisticated control algorithms even if limited computation capabilities are locally available for these systems. However, such a control architecture suffers from an important concern related to the privacy of sensor measurements and the computed control inputs within the cloud. This paper proposes a solution that allows implementing a set-theoretic model predictive controller on the cloud while preserving this privacy. This is achieved by exploiting the offline computations of the robust one-step controllable sets used by the controller and two affine transformations of the sensor measurements and control optimization problem. It is shown that the transformed and original control problems are equivalent (i.e., the optimal control input can be recovered from the transformed one) and that privacy is preserved if the control algorithm is executed on the cloud. Moreover, we show how the actuator can take advantage of the set-theoretic nature of the controller to verify, through simple set-membership tests, if the control input received from the cloud is admissible. The correctness of the proposed solution is verified by means of a simulation experiment involving a dual-tank water system.

With the advent of information and communication technology, the digital space is becoming a playing ground for criminal activities. Criminals typically prefer darkness or a hidden place to perform their illegal activities in a real-world while sometimes covering their face to avoid being exposed and getting caught. The same applies in a digital world where criminals prefer features which provide anonymity or hidden features to perform illegal activities. It is from this spirit the Darkweb is attracting all kinds of criminal activities conducted over the Internet such as selling drugs, illegal weapons, child pornography, assassination for hire, hackers for hire, and selling of malicious exploits, to mention a few. Although the anonymity offered by Darkweb can be exploited as a tool to arrest criminals involved in cybercrime, an in-depth research is needed to advance criminal investigation on Darkweb. Analysis of illegal activities conducted in Darkweb is in its infancy and faces several challenges like lack of standard operating procedures. This study proposes progressive standard operating procedures (SOPs) for Darkweb forensics investigation. We provide the four stages of SOP for Darkweb investigation. The proposed SOP consists of the following stages; identification and profiling, discovery, acquisition and preservation, and the last stage is analysis and reporting. In each stage, we consider the objectives, tools and expected results of that particular stage. Careful consideration of this SOP revealed promising results in the Darkweb investigation.

Systems based on WB protection have a limited lifetime, measured in months and sometimes days. Unfortunately, to understand for how long the application will be uncompromised, if possible, only empirically. However, it is possible to make a preliminary assessment of the security of a particular implementation, depending on the methods and their number used in the implementation, it will allow reallocating resources to more effective means of protection.

SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Adversarial attacks have recently been proposed to scrutinize the security of deep neural networks. Most blackbox adversarial attacks, which have partial access to the target through queries, are target-specific; e.g., they require a well-trained surrogate that accurately mimics a given target. In contrast, target-agnostic black-box attacks are developed to attack any target; e.g., they learn a generalized surrogate that can adapt to any target via fine-tuning on samples queried from the target. Despite their success, current state-of-the-art target-agnostic attacks require tremendous fine-tuning steps and consequently an immense number of queries to the target to generate successful attacks. The high query complexity of these attacks makes them easily detectable and thus defendable. We propose a novel query-efficient target-agnostic attack that trains a generalized surrogate network to output the adversarial directions iv.r.t. the inputs and equip it with an effective fine-tuning strategy that only fine-tunes the surrogate when it fails to provide useful directions to generate the attacks. Particularly, we show that to effectively adapt to any target and generate successful attacks, it is sufficient to fine-tune the surrogate with informative samples that help the surrogate get out of the failure mode with additional information on the target’s local behavior. Extensive experiments on CIFAR10 and CIFAR-100 datasets demonstrate that the proposed target-agnostic approach can generate highly successful attacks for any target network with very few fine-tuning steps and thus significantly smaller number of queries (reduced by several order of magnitudes) compared to the state-of-the-art baselines.

Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and it may cause catastrophic damages to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely utilized in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework with adopting different machine learning algorithms including neural network-based architectures to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB), Logistic Regression (LR) as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F -beta, and precision scores.

Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.

For multi-source heterogeneous complex data types of data cleaning and visual display, we proposed to build dynamic multimode visualization analysis tool, according to the different types of data designed by the user in accordance with the data model, and use visualization technology tools to build and use CQRS technology to design, external interface using a RESTFul architecture, The domain model and data query are completely separated, and the underlying data store adopts Hbase, ES and relational database. Drools is adopted in the data flow engine. According to the internal algorithm, three kinds of graphs can be output, namely, transaction relationship network analysis graph, capital flow analysis graph and transaction timing analysis graph, which can reduce the difficulty of analysis and help users to analyze data in a more friendly way

With the rapid growth of the number of global network entities and interconnections, the security risks of network relationships are constantly accumulating. As the basis of network interconnection and communication, Internet routing is facing severe challenges such as insufficient online monitoring capability of large-scale routing events and lack of effective and credible verification mechanism. Major global routing security events emerge one after another, causing extensive and far-reaching impacts. To solve these problems, China Telecom studied the BGP (border gateway protocol) SDN (software defined network) controller technology to monitor the interconnection routing, constructed the global routing information database trust source integrating multi-dimensional information and developed the function of the protocol level based real-time monitoring system of Internet routing security events. Through these means, it realizes the second-level online monitoring capability of large-scale IP network Internet service routing events, forms the minute-level route leakage interception and route hijacking blocking solutions, and achieves intelligent protection capability of Internet routing security.

Virtual power plants are among the promising ways that variable generation and flexible demand may be optimally balanced in the future. The virtual power plant is an important branch of the energy internet, and it plays an important role in the aggregation of distributed power generation resources and the establishment of virtual power resource transactions. However, in the existing virtual power plant model, the following problems are becoming increasingly prominent, such as safeguard, credit rating system, privacy protection, benefit distribution. Firstly, the operation and transaction mechanism of the virtual power plant was introduced. Then, the blockchain technology is introduced into the virtual power plant transaction to make it more conducive to the information transparent, stable dispatch system, data security, and storage security. Finally, the operation and transaction system based on blockchain technology for the virtual power plant was design.

With the development of information networks, cloud computing, big data, and virtualization technologies promote the emergence of various new network applications to meet the needs of various Internet services. A security protection system for virtual host in cloud computing center is proposed in the article. The system takes “security as a service” as the starting point, takes virtual machines as the core, and takes virtual machine clusters as the unit to provide unified security protection against the borderless characteristics of virtualized computing. The thesis builds a network security protection system for APT attacks; uses the system dynamics method to establish a system capability model, and conducts simulation analysis. The simulation results prove the validity and rationality of the network communication security system framework and modeling analysis method proposed in the thesis. Compared with traditional methods, this method has more comprehensive modeling and analysis elements, and the deduced results are more instructive.

At present, code reuse attacks, such as Return Oriented Programming (ROP), execute attacks through the code of the application itself, bypassing the traditional defense mechanism and seriously threatening the security of computer software. The existing two mainstream defense mechanisms, Address Space Layout Randomization (ASLR), are vulnerable to information disclosure attacks, and Control-Flow Integrity (CFI) will bring high overhead to programs. At the same time, due to the widespread use of software of unknown origin, there is no source code provided or available, so it is not always possible to secure the source code. In this paper, we propose FRCFI, an effective method based on binary rewriting to prevent code reuse attacks. FRCFI first disrupts the program's memory space layout through function shuffling and NOP insertion, then verifies the execution of the control-flow branch instruction ret and indirect call/jmp instructions to ensure that the target address is not modified by attackers. Experiment show shows that FRCFI can effectively defend against code reuse attacks. After randomization, the survival rate of gadgets is only 1.7%, and FRCFI adds on average 6.1% runtime overhead on SPEC CPU2006 benchmark programs.

GIS equipment is an important component of power system, and mechanical failure often occurs in the process of equipment operation. In order to realize GIS equipment mechanical fault intelligent detection, this paper presents a mechanical fault diagnosis model for GIS equipment based on cross-validation parameter optimization support vector machine (CV-SVM). Firstly, vibration experiment of isolating switch was carried out based on true 110 kV GIS vibration simulation experiment platform. Vibration signals were sampled under three conditions: normal, plum finger angle change fault, plum finger abrasion fault. Then, the c and G parameters of SVM are optimized by cross validation method and grid search method. A CV-SVM model for mechanical fault diagnosis was established. Finally, training and verification are carried out by using the training set and test set models in different states. The results show that the optimization of cross-validation parameters can effectively improve the accuracy of SVM classification model. It can realize the accurate identification of GIS equipment mechanical fault. This method has higher diagnostic efficiency and performance stability than traditional machine learning. This study can provide reference for on-line monitoring and intelligent fault diagnosis analysis of GIS equipment mechanical vibration.

Research on intelligent accounting system based on intelligent financial data sheet analysis system considering complex data mining is conducted in the paper. The expert audit system extracts business records from the business database according to the specified audit conditions, and the program automatically calculates the total amount of the amount data items, and then compares it with the standard or normal business, reflecting the necessary information such as differences and also possible audit trails. In order to find intrusion behaviors and traces, data collection is carried out from multiple points in the network system. The collection content includes system logs, network data packets, important files, and the status and the behavior of the user activities. Furthermore, complex data mining model is combined for the systematic analysis on the system performance. The simulation on the collected data is provided to the validate the performance.

With the high-speed development of UHV power grid, the characteristics of power grid changed significantly, which puts forward new requirements for the safe operation of power grid and depend on Security and Stability Control System (SSCS) greatly. Based on the practical cases, this paper analyzes the principle of the abnormal criteria of the SSCS and its influence on the strategy of the SSCS, points out the necessity of the research on the locking strategy of the SSCS under the abnormal state. Taking the large-scale SSCS for an example, this paper analysis different control strategies of the stations in the different layered, and puts forward effective solutions to adapt different system functions. It greatly improved the effectiveness and reliability of the strategy of SSCS, and ensure the integrity of the system function. Comparing the different schemes, the principles of making the lock-strategy are proposed. It has reference significance for the design, development and implementation of large-scale SSCS.

With the introduction of the national “carbon peaking and carbon neutrality” strategic goals and the accelerated construction of the new generation of power systems, cloud applications built on advanced IT technologies play an increasingly important role in meeting the needs of digital power business. In view of the characteristics of the current power industrial control system operation support cloud platform with wide coverage, large amount of log data, and low analysis intelligence, this paper proposes a cloud platform network security behavior audit method based on FP-Growth association rule algorithm, aiming at the uniqueness of the operating data of the cloud platform that directly interacts with the isolated system environment of power industrial control system. By using the association rule algorithm to associate and classify user behaviors, our scheme formulates abnormal behavior judgment standards, establishes an automated audit strategy knowledge base, and improves the security audit efficiency of power industrial control system operation support cloud platform. The intelligent level of log data analysis enables effective discovery, traceability and management of internal personnel operational risks.

This paper designs a network security protection system based on artificial intelligence technology from two aspects of hardware and software. The system can simultaneously collect Internet public data and secret-related data inside the unit, and encrypt it through the TCM chip solidified in the hardware to ensure that only designated machines can read secret-related materials. The data edge-cloud collaborative acquisition architecture based on chip encryption can realize the cross-network transmission of confidential data. At the same time, this paper proposes an edge-cloud collaborative information security protection method for industrial control systems by combining end-address hopping and load balancing algorithms. Finally, using WinCC, Unity3D, MySQL and other development environments comprehensively, the feasibility and effectiveness of the system are verified by experiments.

As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.