Biblio

Compared to ordinary Internet applications, the transfer of scientific data flows often has higher requirements for network performance. The network security devices and systems often affect the efficiency of scientific data transfer. As a new type of network architecture, Software-defined Networking (SDN) decouples the data plane from the control plane. Its programmability allows users to customize the network transfer path and makes the network more intelligent. The Science DMZ model is a private network for scientific data flow transfer, which can improve performance under the premise of ensuring network security. This paper combines SDN with Science DMZ, designs and implements an SDN-based traffic scheduling algorithm considering the load of link. In addition to distinguishing scientific data flow from common data flow, the algorithm further distinguishes the scientific data flows of different applications and performs different traffic scheduling of scientific data for specific link states. Experiments results proved that the algorithm can effectively improve the transmission performance of scientific data flow.

Cloud computing is a new promising technology paradigm that can provide clients from the whole network with scalable storage resources and on-demand high-quality services. However, security concerns are raised when sensitive data are outsourced. Searchable encryption is a kind of cryptographic primitive that enables clients to selectively retrieve encrypted data, the existing schemes that support for sub-linear boolean queries are only considered in symmetric key setting, which makes a limitation for being widely deployed in many cloud applications. In order to address this issue, we propose a novel searchable asymmetric encryption scheme to support for sub-linear boolean query over encrypted data in a multi-client model that is extracted from an important observation that the outsourced database in cloud is continuously contributed and searched by multiple clients. For the purpose of introducing the scheme, we combine both the ideas of symmetric searchable encryption and public key searchable encryption and then design a novel secure inverted index. Furthermore, a detailed security analysis for our scheme is given under the simulation-based security definition. Finally, we conduct experiments for our construction on a real dataset (Enron) along with a performance analysis to show its practicality.

This paper investigates the physical-layer data secure transmission for indoor visible light communications (VLC) with simultaneous wireless information and power transfer (SWIPT) and random terminals. A typical indoor VLC system including one transmitter, one desired information receiver and one energy receiver is considered. The two receivers are randomly deployed on the floor, and the random channel characteristics is analyzed. Based on the possibility that the energy receiver is a passive information eavesdropper, the secrecy outage probability (SOP) is employed to evaluate the system performance. A closed-from expression for the lower bound of the SOP is obtained. For the derived lower bound of SOP, the theoretical results match the simulation results very well, which indicates that the derived lower bound can be used to evaluate the secrecy performance. Moreover, the gap between the results of the lower bound and the exact simulation results is also small, which verifies the correctness of the analysis method to obtain the lower bound.

To manage and handle the issues of physical security in the modern world, there is a dire need for a multilevel security system to ensure the safety of precious belongings that could be money, military equipment or medical life-saving drugs. Security locker solution is proposed which is a multiple layer security system consisting of various levels of authentication. In most cases, only relevant persons should have access to their precious belongings. The unlocking of the box is only possible when all of the security levels are successfully cleared. The five levels of security include entering of password on interactive GUI, thumbprint, facial recognition, speech pattern recognition, and vein pattern recognition. This project is unique and effective in a sense that it incorporates five levels of security in a single prototype with the use of cost-effective equipment. Assessing our security system, it is seen that security is increased many a fold as it is near to impossible to breach all these five levels of security. The Raspberry Pi microcomputers, handling all the traits efficiently and smartly makes it easy for performing all the verification tasks. The traits used involves checking, training and verifying processes with application of machine learning operations.

The performance of the trust evaluation strategy depends on the accuracy and rationality of the trust evaluation weight system. Trust is a difficult to accurate measurement and quantitative cognition in the heart, the trust of the traditional evaluation method has a strong subjectivity and fuzziness and uncertainty. This paper uses the AHP method to determine the trust evaluation index weight, and combined with grey system theory to build trust gray evaluation model. The use of gray assessment based on the whitening weight function in the evaluation process reduces the impact of the problem that the evaluation result of the trust evaluation is not easy to accurately quantify when the decision fuzzy and the operating mechanism are uncertain.

With the continuous development of the Internet of Things, intelligent manufacturing has gradually entered the application stage, which urgently needs to solve the problem of information transmission security. In order to realize data security with transmission encryption, the UHF RFID tag based on domestic cryptographic algorithm SM7 is proposed. By writing the anti-counterfeiting authentication identification code when the tag leaves the factory, verifying the identification code when the tag is issued, and using the authentication code of the tag to participate in the sectoral key dispersion, the purpose of data security protection is achieved. Through this scheme, the security of tag information and transmission is guaranteed, and a new idea is provided for the follow-up large-scale extension of intelligent manufacturing.

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

This article presents a consensus based distributed energy management optimization algorithm for an islanded microgrid. With the rapid development of renewable energy and distributed generation (DG) energy management is becoming more and more distributed. To solve this problem a multi-agent system based distributed solution is designed in this work which uses lambda-iteration method to solve optimization problem. Moreover, the algorithm is fully distributed and transmission losses are also considered in the modeling process which enhanced the practicality of proposed work. Simulations are performed for different cases on 8-bus microgrid to show the effectiveness of algorithm. Moreover, a scalability test is performed at the end to further justify the expandability performance of algorithm for more advanced networks.

The notion of attribute-based encryption with outsourced decryption (OD-ABE) was proposed by Green, Hohenberger, and Waters. In OD-ABE, the ABE ciphertext is converted to a partially-decrypted ciphertext that has a shorter bit length and a faster decryption time than that of the ABE ciphertext. In particular, the transformation can be performed by a powerful third party with a public transformation key. In this paper, we propose a generic approach for constructing ABE with outsourced decryption from standard ABE, as long as the later satisfies some additional properties. Its security can be reduced to the underlying standard ABE in the selective security model by a black-box way. To avoid the drawback of selective security in practice, we further propose a modified decryption outsourcing mode so that our generic construction can be adapted to satisfying adaptive security. This partially solves the open problem of constructing an OD-ABE scheme, and its adaptive security can be reduced to the underlying ABE scheme in a black-box way. Then, we present some concrete constructions that not only encompass existing ABE outsourcing schemes of Green et al., but also result in new selectively/adaptively-secure OD-ABE schemes with more efficient transformation key generation algorithm. Finally, we use the PBC library to test the efficiency of our schemes and compare the results with some previous ones, which shows that our schemes are more efficient in terms of decryption outsourcing and transformation key generation.

Classifying Hyperspectral images with few training samples is a challenging problem. The generative adversarial networks (GAN) are promising techniques to address the problems. GAN constructs an adversarial game between a discriminator and a generator. The generator generates samples that are not distinguishable by the discriminator, and the discriminator determines whether or not a sample is composed of real data. In this paper, by introducing multilayer features fusion in GAN and a dynamic neighborhood voting mechanism, a novel algorithm for HSIs classification based on 1-D GAN was proposed. Extracting and fusing multiple layers features in discriminator, and using a little labeled samples, we fine-tuned a new sample 1-D CNN spectral classifier for HSIs. In order to improve the accuracy of the classification, we proposed a dynamic neighborhood voting mechanism to classify the HSIs with spatial features. The obtained results show that the proposed models provide competitive results compared to the state-of-the-art methods.

Although Vehicle Named Data Network (VNDN) possess the communication benefits of Named Data Network and Vehicle Opportunity Network, it also introduces some new privacy problems, including the identity security of Data Requesters and Data Providers. Data providers in VNDN need to sign data packets directly, which will leak the identity information of the providers, while the vicinity malicious nodes can access the sensitive information of Data Requesters by analyzing the relationship between Data Requesters and the data names in Interest Packages that are sent directly in plaintext. In order to solve the above privacy problems, this paper presents an identity privacy protection strategy for Data Requesters and Data Providers in VNDN. A ring signature scheme is used to hide the correlation between the signature and the data provider and the anonymous proxy idea is used to protect the real identity of the data requester in the proposed strategy. Security Analysis and experiments in the ONE-based VNDN platform indicate that the proposed strategy is effective and practical.

In traditional steganographic schemes, RGB three channels payloads are assigned equally in a true color image. In fact, the security of color image steganography relates not only to data-embedding algorithms but also to different payload partition. How to exploit inter-channel correlations to allocate payload for performance enhancement is still an open issue in color image steganography. In this paper, a novel channel-dependent payload partition strategy based on amplifying channel modification probabilities is proposed, so as to adaptively assign the embedding capacity among RGB channels. The modification probabilities of three corresponding pixels in RGB channels are simultaneously increased, and thus the embedding impacts could be clustered, in order to improve the empirical steganographic security against the channel co-occurrences detection. Experimental results show that the new color image steganographic schemes incorporated with the proposed strategy can effectively make the embedding changes concentrated mainly in textured regions, and achieve better performance on resisting the modern color image steganalysis.

Denial of service (DoS) is a process of injecting malicious packets into the network. Intrusion detection system (IDS) is a system used to investigate malicious packets in the network. Software-defined network (SDN) physically separates control plane and data plane. The control plane is moved to a centralized controller, and it makes a decision in the network from a global view. The combination between IDS and SDN allows the prevention of malicious packets to be more efficient due to the advantage of the global view in SDN. IDS needs to communicate with switches to have an access to all end-to-end traffic in the network. The high traffic in the link between switches and IDS results in congestion. The congestion between switches and IDS delays the detection and prevention of malicious traffic. To address this problem, we propose a historical database (Hdb), a scheme to reduce the traffic between switches and IDS, based on the historical information of a sender. The simulation shows that in the average, 54.1% of traffic mirrored to IDS is reduced compared to the conventional schemes.

The difficult of detecting, response, tracing the malicious behavior in cloud has brought great challenges to the law enforcement in combating cybercrimes. This paper presents a malicious behavior oriented framework of detection, emergency response, traceability, and digital forensics in cloud environment. A cloud-based malicious behavior detection mechanism based on SDN is constructed, which implements full-traffic flow detection technology and malicious virtual machine detection based on memory analysis. The emergency response and traceability module can clarify the types of the malicious behavior and the impacts of the events, and locate the source of the event. The key nodes and paths of the infection topology or propagation path of the malicious behavior will be located security measure will be dispatched timely. The proposed IaaS service based forensics module realized the virtualization facility memory evidence extraction and analysis techniques, which can solve volatile data loss problems that often happened in traditional forensic methods.

Person re-identification(Person Re-ID) means that images of a pedestrian from cameras in a surveillance camera network can be automatically retrieved based on one of this pedestrian's image from another camera. The appearance change of pedestrians under different cameras poses a huge challenge to person re-identification. Person re-identification systems based on deep learning can effectively extract the appearance features of pedestrians. In this paper, the feature enhancement experiment is conducted, and the result showed that the current person reidentification datasets are relatively small and cannot fully meet the need of deep training. Therefore, this paper studied the method of using generative adversarial network to extend the person re-identification datasets and proposed a label smoothing regularization for outliers with weight (LSROW) algorithm to make full use of the generated data, effectively improved the accuracy of person re-identification.

Internet of Things (IoT) is a contemporary concept for connecting the existing things in our environment with the Internet for a sake of making the objects information are accessible from anywhere and anytime to support a modern life style based on the Internet. With the rapid development of the IoT technologies and widely spreading in most of the fields such as buildings, health, education, transportation and agriculture. Thus, the IoT applications require increasing data collection from the IoT devices to send these data to the applications or servers which collect or analyze the data, so it is a very important to secure the data and ensure that do not reach a malicious adversary. This paper reviews some attacks in the IoT applications and the security weaknesses in the IoT environment. In addition, this study presents the challenges of IoT in terms of hardware, network and software. Moreover, this paper summarizes and points to some attacks on the smart car, smart home, smart campus, smart farm and healthcare.

With the rapid development of radio detection and wireless communication, narrowband radio-frequency interference (NB-RFI) is a serious threat for GNSS-R (global navigation satellite systems - reflectometry) receivers. However, interferometric GNSS-R (iGNSS-R) is more prone to the NB-RFIs than conventional GNSS-R (cGNSS-R), due to wider bandwidth and unclean replica. Therefore, there is strong demand of detecting and mitigating NB-RFIs for GNSS-R receivers, especially iGNSS-R receivers. Hence, focusing on working with high sampling rate and simplifying the fixed-point implementation on FPGA, this paper proposes a system design exploiting cascading IIR band-stop filters (BSFs) to suppress NB-RFIs. Furthermore, IIR BSF compared with IIR notch filter (NF) and IIR band-pass filter (BPF) is the merely choice that is able to mitigate both white narrowband interference (WNBI) and continuous wave interference (CWI) well. Finally, validation and evaluation are conducted, and then it is indicated that the system design can detect NB-RFIs and suppress WNBI and CWI effectively, which improves the signal-to-noise ratio (SNR) of the Delay-Doppler map (DDM).

Every day, university networks are bombarded with attempts to steal the sensitive data of the various disparate domains and organizations they serve. For this reason, universities form teams of information security specialists called a Security Operations Center (SOC) to manage the complex operations involved in monitoring and mitigating such attacks. When a suspicious event is identified, members of the SOC are tasked to understand the nature of the event in order to respond to any damage the attack might have caused. This process is defined by administrative policies which are often very high-level and rarely systematically defined. This impedes the implementation of generalized and automated event response solutions, leading to specific ad hoc solutions based primarily on human intuition and experience as well as immediate administrative priorities. These solutions are often fragile, highly specific, and more difficult to reuse in other scenarios.

In this paper we study the problem of computing robust invariant sets for state-constrained perturbed polynomial systems within the Hamilton-Jacobi reachability framework. A robust invariant set is a set of states such that every possible trajectory starting from it never violates the given state constraint, irrespective of the actual perturbation. The main contribution of this work is to describe the maximal robust invariant set as the zero level set of the unique Lipschitz-continuous viscosity solution to a Hamilton-Jacobi-Bellman (HJB) equation. The continuity and uniqueness property of the viscosity solution facilitates the use of existing numerical methods to solve the HJB equation for an appropriate number of state variables in order to obtain an approximation of the maximal robust invariant set. We furthermore propose a method based on semi-definite programming to synthesize robust invariant sets. Some illustrative examples demonstrate the performance of our methods.

The NIST Transactive Energy (TE) Modeling and Simulation Challenge for the Smart Grid (Challenge) spanned from 2015 to 2018. The TE Challenge was initiated to identify simulation tools and expertise that might be developed or combined in co-simulation platforms to enable the evaluation of transactive energy approaches. Phase I of the Challenge spanned 2015 to 2016, with team efforts that improved understanding of TE concepts, identified relevant simulation tools and co-simulation platforms, and inspired the development of a TE co-simulation abstract component model that paved the way for Phase II. The Phase II effort spanned Spring 2017 through Spring 2018, where the teams collaboratively developed a specific TE problem scenario, a common grid topology, and common reporting metrics to enable direct comparison of results from simulation of each team's TE approach for the defined scenario. This report presents an overview of the TE Challenge, the TE abstract component model, and the common scenario. It also compiles the individual Challenge participants' research reports from Phase II. The common scenario involves a weather event impacting a distribution grid with very high penetration of photovoltaics, leading to voltage regulation challenges that are to be mitigated by TE methods. Four teams worked with this common scenario and different TE models to incentivize distributed resource response to voltage deviations, performing these simulations on different simulation platforms. A fifth team focused on a co-simulation platform that can be used for online TE simulations with existing co-simulation components. The TE Challenge Phase II has advanced co-simulation modeling tools and platforms for TE system performance analysis, developed a referenceable TE scenario that can support ongoing comparative simulations, and demonstrated various TE approaches for managing voltage on a distribution grid with high penetration of photovoltaics.

Many popular online social networks, such as Twitter, Tum-blr, and Sina Weibo, adopt too simple privacy models to satisfy users’diverse needs for privacy protection. In platforms with no (i.e., completely open) or binary (i.e., “public” and “friends-only”) access con-trol, users cannot control the dissemination boundary of the contentthey share. For instance, on Twitter, tweets in “public” accounts areaccessible to everyone including search engines, while tweets in “pro-tected” accounts are visible toallthe followers. In this work, we presentArcanato  enable  fine-grained access control for social network content sharing. In particular, we target the Twitter platform and intro-duce the “private tweet” function, which allows users to disseminateparticular tweets to designated group(s) of followers. Arcana employsCiphertext-Policy Attribute-based Encryption (CP-ABE) to implement social circle detection and private tweet encryption so that  access-controlled  tweets  are  only  readable  by  designated  recipients.  To  bestealthy, Arcana further embeds the protected content as digital water-marks in image tweets. We have implemented the Arcana prototype asa Chrome browser plug-in, and demonstrated its flexibility and effec-tiveness. Different from existing approaches that require trusted third-parties or additional server/broker/mediator, Arcana is light-weight andcompletely transparent to Twitter – all the communications, includingkey distribution and private tweet dissemination, are exchanged as Twit-ter messages. Therefore, with small API modifications, Arcana could beeasily ported to other online social networking platforms to support fine-grained access control.

Least-recently-used (LRU) caching and its variants have conventionally been used as a fundamental and critical method to ensure fast and efficient data access in computer and communication systems. Emerging data-intensive applications over unreliable channels, e.g., mobile edge computing and wireless content delivery networks, have imposed new challenges in optimizing LRU caching systems in environments prone to failures. Most existing studies focus on reliable channels, e.g., on wired Web servers and within data centers, which have already yielded good insights with successful algorithms on how to reduce cache miss ratios. Surprisingly, we show that these widely held insights do not necessarily hold true for unreliable channels. We consider a single-hop multi-cache distributed system with data items being dispatched by random hashing. The objective is to achieve efficient cache organization and data placement. The former allocates the total memory space to each of the involved caches. The latter decides data routing strategies and data replication schemes. Analytically we characterize the unreliable LRU caches by explicitly deriving their asymptotic miss probabilities. Based on these results, we optimize the system design. Remarkably, these results sometimes are counterintuitive, differing from the ones obtained for reliable caches. We discover an interesting phenomenon: asymmetric cache organization is optimal even for symmetric channels. Specifically, even when channel unreliability probabilities are equal, allocating the cache spaces unequally can achieve a better performance. We also propose an explicit unequal allocation policy that outperforms the equal allocation. In addition, we prove that splitting the total cache space into separate LRU caches can achieve a lower asymptotic miss probability than resource pooling that organizes the total space in a single LRU cache. These results provide new and even counterintuitive insights that motivate novel designs for caching systems over unreliable channels. They can potentially be exploited to further improve the system performance in real practice.

Phishing websites have long been a serious threat to cyber security. For decades, many researchers have been devoted to developing novel techniques to detect phishing websites automatically. While state-of-the-art solutions can achieve superior performances, they require substantial manual feature engineering and are not adept at detecting newly emerging phishing attacks. Therefore, developing techniques that can detect phishing websites automatically and handle zero-day phishing attacks swiftly is still an open challenge in this area. In this work, we propose PhishingNet, a deep learning-based approach for timely detection of phishing Uniform Resource Locators (URLs). Specifically, we use a Convolutional Neural Network (CNN) module to extract character-level spatial feature representations of URLs; meanwhile, we employ an attention-based hierarchical Recurrent Neural Network(RNN) module to extract word-level temporal feature representations of URLs. We then fuse these feature representations via a three-layer CNN to build accurate feature representations of URLs, on which we train a phishing URL classifier. Extensive experiments on a verified dataset collected from the Internet demonstrate that the feature representations extracted automatically are conducive to the improvement of the generalization ability of our approach on newly emerging URLs, which makes our approach achieve competitive performance against other state-of-the-art approaches.

Modulation classification is an important component of cognitive self-driving networks. Recently many ML-based modulation classification methods have been proposed. We have evaluated the robustness of 9 ML-based modulation classifiers against the powerful Carlini & Wagner (C-W) attack and showed that the current ML-based modulation classifiers do not provide any deterrence against adversarial ML examples. To the best of our knowledge, we are the first to report the results of the application of the C-W attack for creating adversarial examples against various ML models for modulation classification.

With the development of modern High-Speed Railway (HSR) and mobile communication systems, network operators have a strong demand to provide high-quality on-board Internet services for HSR passengers. Multi-path TCP (MPTCP) provides a potential solution to aggregate available network bandwidth, greatly overcoming throughout degradation and severe jitter using single transmission path during the high-speed train moving. However, the choose of MPTCP algorithms, i.e., Coupled or Uncoupled, has a great impact on the performance. In this paper, we investigate this interesting issue in the practical datasets along multiple HSR lines. Particularly, we collect the first-hand network datasets and analyze the characteristics and category of traffic flows. Based on this statistics, we measure and analyze the transmission performance for both mice flows and elephant ones with different MPTCP congestion control algorithms in HSR scenarios. The simulation results show that, by comparing with the coupled MPTCP algorithms, i.e., Fully Coupled and LIA, the uncoupled EWTCP algorithm provides more stable throughput and balances congestion window distribution, more suitable for the HSR scenario for elephant flows. This work provides significant reference for the development of on-board devices in HSR network systems.