Biblio

Human emotion recognition plays a vital role in interpersonal communication and human-machine interaction domain. Emotions are expressed through speech, hand gestures and by the movements of other body parts and through facial expression. Facial emotions are one of the most important factors in human communication that help us to understand, what the other person is trying to communicate. People understand only one-third of the message verbally, and two-third of it is through non-verbal means. There are many face emotion recognition (FER) systems present right now, but in real-life scenarios, they do not perform efficiently. Though there are many which claim to be a near-perfect system and to achieve the results in favourable and optimal conditions. The wide variety of expressions shown by people and the diversity in facial features of different people will not aid in the process of coming up with a system that is definite in nature. Hence developing a reliable system without any flaws showed by the existing systems is a challenging task. This paper aims to build an enhanced system that can analyse the exact facial expression of a user at that particular time and generate the corresponding emotion. Datasets like JAFFE and FER2013 were used for performance analysis. Pre-processing methods like facial landmark and HOG were incorporated into a convolutional neural network (CNN), and this has achieved good accuracy when compared with the already existing models.

Cost-effective and efficient sequencing technologies have resulted in massive genomic data availability. To compute on a large-scale genomic dataset, it is often required to outsource the dataset to the cloud. To protect data confidentiality, data owners encrypt sensitive data before outsourcing. Outsourcing enhances data owners to eliminate the storage management problem. Since genome data is large in volume, secure execution of researchers query is challenging. In this paper, we propose a method to securely perform count query on datasets containing genotype, phenotype, and numeric data. Our method modifies the prefix-tree proposed by Hasan et al. [1] to incorporate numerical data. The proposed method guarantees data privacy, output privacy, and query privacy. We preserve the security through encryption and garbled circuits. For a query of 100 single-nucleotide polymorphism (SNPs) sequence, we achieve query execution time approximately 3.5 minutes in a database of 1500 records. To the best of our knowledge, this is the first proposed secure framework that addresses heterogeneous biomedical data including numeric attributes.

Reinforcement learning (RL) algorithms have been demonstrated to be very attractive tools to train agents to achieve sequential tasks. However, these algorithms require too many training data to converge to be efficiently applied to physical robots. By using a human teacher, the learning process can be made faster and more robust, but the overall performance heavily depends on the quality and availability of teacher demonstrations or instructions. In particular, when these teaching signals are inadequate, the agent may fail to learn an optimal policy. In this paper, we introduce a trust-based interactive task learning approach. We propose an RL architecture able to learn both from environment rewards and from various sparse teaching signals provided by non-expert teachers, using an actor-critic agent, a human model and a trust model. We evaluate the performance of this architecture on 4 different setups using a maze environment with different simulated teachers and show that the benefits of the trust model.

Cross-Site Scripting (XSS) is an attack most often carried out by attackers to attack a website by inserting malicious scripts into a website. This attack will take the user to a webpage that has been specifically designed to retrieve user sessions and cookies. Nearly 68% of websites are vulnerable to XSS attacks. In this study, the authors conducted a study by evaluating several machine learning methods, namely Support Vector Machine (SVM), K-Nearest Neighbour (KNN), and Naïve Bayes (NB). The machine learning algorithm is then equipped with the n-gram method to each script feature to improve the detection performance of XSS attacks. The simulation results show that the SVM and n-gram method achieves the highest accuracy with 98%.

Despite the increased accuracy of intrusion detection systems (IDS) in identifying cyberattacks in computer networks and devices connected to the internet, distributed or coordinated attacks can still go undetected or not detected on time. The single vantage point limits the ability of these IDSs to detect such attacks. Due to this reason, there is a need for attack characteristics' exchange among different IDS nodes. Researchers proposed a cooperative intrusion detection system to share these attack characteristics effectively. This approach was useful; however, the security of the shared data cannot be guaranteed. More specifically, maintaining the integrity and consistency of shared data becomes a significant concern. In this paper, we propose a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The proposed architecture achieves this by detecting and preventing fake features injection and compromised IDS nodes. It also facilitates scalable attack features exchange among IDS nodes, ensures heterogeneous IDS nodes participation, and it is robust to public IDS nodes joining and leaving the network. We evaluate the security analysis and latency. The result shows that the proposed approach detects and prevents compromised IDS nodes, malicious features injection, manipulation, or deletion, and it is also scalable with low latency.

Video streams acquired from thermal cameras are proven to be beneficial in diverse number of fields including military, healthcare, law enforcement, and security. Despite the hype, thermal imaging is increasingly affected by poor resolution, where it has expensive optical sensors and inability to attain optical precision. In recent years, deep learning based super-resolution algorithms are developed to enhance the video frame resolution at high accuracy. This paper presents a comparative analysis of super resolution (SR) techniques based on deep neural networks (DNN) that are applied on thermal video dataset. SRCNN, EDSR, Auto-encoder, and SRGAN are also discussed and investigated. Further the results on benchmark thermal datasets including FLIR, OSU thermal pedestrian database and OSU color thermal database are evaluated and analyzed. Based on the experimental results, it is concluded that, SRGAN has delivered a superior performance on thermal frames when compared to other techniques and improvements, which has the ability to provide state-of-the art performance in real time operations.

Robot networks are susceptible to fail under the presence of malicious or defective robots. Resilient networks in the literature require high connectivity and large communication ranges, leading to high energy consumption in the communication network. This paper presents robot formations with guaranteed resiliency that use smaller communication ranges than previous results in the literature. The formations can be built on triangular and square lattices in the plane, and cubic lattices in the three-dimensional space. We support our theoretical framework with simulations.

Nowadays, Vehicular Ad hoc Networks (VANETs) are popularly known as they can reduce traffic and road accidents. These networks need several security requirements, such as anonymity, data authentication, confidentiality, traceability and cancellation of offending users, unlinkability, integrity, undeniability and access control. Authentication of the data and sender are most important security requirements in these networks. So many authentication schemes have been proposed up to now. One of the well-known techniques to provide users authentication in these networks is the authentication based on the smartcard (ASC). In this paper, we propose an ASC scheme that not only provides necessary security requirements such as anonymity, traceability and unlinkability in the VANETs but also is more efficient than the other schemes in the literatures.

To our best knowledge, the p-sensitive k-anonymity model is a sophisticated model to resist linking attacks and homogeneous attacks in data publishing. However, if the distribution of sensitive values is skew, the model is difficult to defend against skew attacks and even faces sensitive attacks. In practice, the privacy requirements of different sensitive values are not always identical. The “one size fits all” unified privacy protection level may cause unnecessary information loss. To address these problems, the paper quantifies privacy requirements with the concept of IDF and concerns more about sensitive groups. Two enhanced anonymous models with personalized protection characteristic, that is, (p,αisg) -sensitive k-anonymity model and (pi,αisg)-sensitive k-anonymity model, are then proposed to resist skew attacks and sensitive attacks. Furthermore, two clustering algorithms with global search and local search are designed to implement our models. Experimental results show that the two enhanced models have outstanding advantages in better privacy at the expense of a little data utility.

Heterogeneous system-on-chip platforms with multiple processing cores are becoming increasingly common in safety-and security-critical embedded systems. To facilitate a logical isolation of physically connected on-chip components, internal communication links of such platforms are often equipped with dedicated access protection units. When performed manually, however, the configuration of these units can be both time-consuming and error-prone. To resolve this issue, we present a formal model and a corresponding design methodology that allows developers to specify access permissions and information flow requirements for embedded systems in a mostly platform-independent manner. As part of the methodology, the consistency between the permissions and the requirements is automatically verified and an extensible generation framework is used to transform the abstract permission declarations into configuration code for individual access protection units. We present a prototypical implementation of this approach and validate it by generating configuration code for the access protection unit of a commercially available multiprocessor system-on-chip.

Traditionally, the management of power distribution networks relies on the centralized implementation of the optimal power flow and, in particular, the minimization of the generation cost and transmission losses. Nevertheless, the increasing penetration of both renewable energy sources and independent players such as ancillary service providers in modern networks have made this centralized framework inadequate. Against this background, we propose a noncooperative game-theoretic framework for optimally controlling energy storage systems (ESSs) in power distribution networks. Specifically, in this paper we address a power grid model that comprehends traditional loads, distributed generation sources and several independent energy storage providers, each owning an individual ESS. Through a rolling-horizon approach, the latter participate in the grid optimization process, aiming both at increasing the penetration of distributed generation and leveling the power injection from the transmission grid. Our framework incorporates not only economic factors but also grid stability aspects, including the power flow constraints. The paper fully describes the distribution grid model as well as the underlying market hypotheses and policies needed to force the energy storage providers to find a feasible equilibrium for the network. Numerical experiments based on the IEEE 33-bus system confirm the effectiveness and resiliency of the proposed framework.

In this paper, we design a technique for mapping the source code into a vector space and we show its application in the recognition of security weaknesses. By applying ideas commonly used in Natural Language Processing, we train a model for producing an embedding of programs starting from their Abstract Syntax Trees. We then show how such embedding is able to infer clusters roughly separating different classes of software weaknesses. Even if the training of the embedding is unsupervised and made on a generic Java dataset, we show that the model can be used for supervised learning of specific classes of vulnerabilities, helping to capture some features distinguishing them in code. Finally, we discuss how our model performs over the different types of vulnerabilities categorized by the CWE initiative.

Security preservation is considered as one of the major concerns in this digital world, mainly for performing any online transactions. As the time progress, it witnesses an enormous amount of security threats and stealing different kind of digital information over the online network. In this regard, lots of cryptographic algorithms based on secret key generation techniques have been implemented to boost up the security aspect of network systems that preserve the confidentiality of digital information. Despite this, intelligent intruders are still able to crack the key generation technique, thus stealing the data. In this research article, we propose an innovative approach for generating a pseudo-pseudo-random key sequence that serves as a base for the encryption/decryption process. The key generation process is carried out by extracting the essential features from a facial image and based on the extracted features; a pseudo-random key sequence that acts as a primary entity for the efficient encryption/decryption process is generated. Experimental findings related to the pseudo-random key is validated through chi-square, runs up-down and performs a period of subsequence test. Outcomes of these have subsequently passed in achieving an ideal key.

Document integrity and origin for E2E S2S in IoTcloud have recently received considerable attention because of their importance in the real-world fields. Maintaining integrity could protect decisions made based on these message/image documents. Authentication and integrity solutions have been conducted to recognise or protect any modification in the exchange of documents between E2E S2S (smart-to-smart). However, none of the proposed schemes appear to be sufficiently designed as a secure scheme to prevent known attacks or applicable to smart devices. We propose a robust scheme that aims to protect the integrity of documents for each users session by integrating HMAC-SHA-256, handwritten feature extraction using a local binary pattern, one-time random pixel sequence based on RC4 to randomly hide authentication codes using LSB. The proposed scheme can provide users with one-time bio-key, robust message anonymity and a disappearing authentication code that does not draw the attention of eavesdroppers. Thus, the scheme improves the data integrity for a users messages/image documents, phase key agreement, bio-key management and a one-time message/image document code for each users session. The concept of stego-anonymity is also introduced to provide additional security to cover a hashed value. Finally, security analysis and experimental results demonstrate and prove the invulnerability and efficiency of the proposed scheme.

A time-delay switch (TDS) cyber attack is a deliberate attempt by malicious adversaries aiming at destabilizing a power system by impeding the communication signals to/from the centralized controller from/to the network sensors and generating stations that participate in the load frequency control (LFC). A TDS cyber attack can be targeting the sensing loops (transmitting network measurements to the centralized controller) or the control signals dispatched from the centralized controller to the governor valves of the generating stations. A resilient TDS control strategy is proposed and developed in this work that thwarts network instabilities that are caused by delays in the sensing loops, and control commands, and guarantees normal operation of the LFC mechanism. This will be achieved by augmenting the telemetered control commands with locally generated feedback control laws (i.e., “decentralized” control commands) taking measurements that are available and accessible at the power generating stations (locally) independent from all the telemetered signals to/from the centralized controller. Our objective is to devise a controller that is capable of circumventing all types of TDS and DoS (Denial of Service) cyber attacks as well as a broad class of False Data Injection (FDI) cyber attacks.

This paper describes an approach to the security fault tolerance of access control in which the security breaches of an access control are tolerated by means of a security fault tolerant (SFT) access control. Though an access control is securely designed and implemented, it can contain faults in development or be contaminated in operation. The threats to an access control are analyzed to identify possible security breaches. To tolerate the security breaches, an SFT access control is made to be semantically identical to an access control. Our approach is described using role-based access control (RBAC) and extended access control list (EACL). A healthcare system is used to demonstrate our approach.

This work describes a top down systems security requirements analysis approach for understanding and eliciting security requirements for a notional small unmanned aerial system (SUAS). More specifically, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is used to understand and elicit systems security requirements. The effort employs STPA-Sec on a notional SUAS system case study to detail the development of functional-level security requirements, design-level engineering considerations, and architectural-level security specification criteria early in the system life cycle when the solution trade-space is largest rather than merely examining components and adding protections during system operation or sustainment. These details were elaborated during a semester independent study research effort by two United States Air Force Academy Systems Engineering cadets, guided by their instructor and a series of working group sessions with UAS operators and subject matter experts. This work provides insight into a viable systems security requirements analysis approach which results in traceable security, safety, and resiliency requirements that can be designed-for, built-to, and verified with confidence.

Vulnerabilities in privileged software layers have been exploited with severe consequences. Recently, Trusted Execution Environments (TEEs) based technologies have emerged as a promising approach since they claim strong confidentiality and integrity guarantees regardless of the trustworthiness of the underlying system software. In this paper, we consider one of the most prominent TEE technologies, referred to as Intel Software Guard Extensions (SGX). Despite many formal approaches, there is still a lack of formal proof of some critical processes of Intel SGX, such as remote attestation. To fill this gap, we propose a fully automated, rigorous, and sound formal approach to specify and verify the Enhanced Privacy ID (EPID)-based remote attestation in Intel SGX under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. The evaluation indicates that the confidentiality of attestation keys is preserved against a Dolev-Yao adversary in this technology. We also present a few of the many inconsistencies found in the existing literature on Intel SGX attestation during formal specification.

As the increasing demands of social services, unmanned aerial vehicles (UAVs)-assisted networks promote the promising prospect for implementing high-rate information transmission and applications. The sensing data can be collected by UAVs, a large number of applications based on UAVs have been realized in the 5G networks. However, the malicious UAVs may provide false information and destroy the services. The 5G UAV communication systems face the security threats. Therefore, this paper develops a novel trust-based security scheme for 5G UAV communication systems. Firstly, the architecture of the 5G UAV communication system is presented to improve the communication performance. Secondly, the trust evaluation scheme for UAVs is developed to evaluate the reliability of UAVs. By introducing the trust threshold, the malicious UAVs will be filtered out from the systems to protect the security of systems. Finally, the simulation results have been demonstrated the effectiveness of the proposed scheme.

Security has become a crucial consideration and is one of the most important design goals for an embedded system. This paper examines the type of boot sequence, and more specifically a trusted boot which utilizes the method of chain of trust. After defining these terms, this paper will examine the limitations of the existing safe boot, and finally propose the method of trusted boot based on hypothesis testing benchmark and the cost it takes to perform this method.

In this paper, we propose two new attacks: the Adversarial Universal False Positive (UFP) Attack and the Adversarial Universal False Negative (UFN) Attack. The objective of this research is to introduce a new class of attack using only feature vector information. The results show the potential weaknesses of five machine learning (ML) classifiers. These classifiers include k-Nearest Neighbor (KNN), Naive Bayes (NB), Random Forrest (RF), a Support Vector Machine (SVM) with a Radial Basis Function (RBF) Kernel, and XGBoost (XGB).

IoT adds more flexibility in many areas of applications to makes it easy to monitor and manage data instantaneously. However, IoT has many challenges regarding its security and storage issues. Moreover, the third-party trusting agents of IoT devices do not support sufficient security level between the network peers. This paper proposes improving the trust, processing power, and storage capability of IoT in distributed system topology by adopting the blockchain approach. An application, IoT Trust Management (ITM), is proposed to manage the trust of the shared content through the blockchain network, e.g., supply chain. The essential key in ITM is the trust management of IoT devices data are done using peer to peer (P2P), i.e., no third-party. ITM is running on individual python nodes and interact with frontend applications creating decentralized applications (DApps). The IoT data shared and stored in a ledger, which has the IoT device published details and data. ITM provides a higher security level to the IoT data shared on the network, such as unparalleled security, speed, transparency, cost reduction, check data, and Adaptability.

Compared with traditional centralized control strategies, the distributed control systems significantly improve the flexibility and expandability of an modular multilevel converter (MMC). However, the stability issue in the MMC distributed control system with the presence of control loop coupling interactions is rarely discussed in existing research works. This article is to improve the stability of an MMC distributed control system by inhibiting the control conflict due to the coupling interactions among control loops with incomplete control information. By modeling the MMC distributed control system, the control loop coupling interactions are analyzed and the essential cause of control conflict is revealed. Accordingly, a control parameter design principle is proposed to effectively suppress the disturbances from the targeted control conflict and improve the MMC system stability. The rationality of the theoretical analysis and the effectiveness of the control parameter design principle are confirmed by simulation and experimental results.

Attack graphs are commonly used to analyse the security of medium-sized to large networks. Based on a scan of the network and likelihood information of vulnerabilities, attack graphs can be transformed into Bayesian Attack Graphs (BAGs). These BAGs are used to evaluate how security controls affect a network and how changes in topology affect security. A challenge with these automatically generated BAGs is that cycles arise naturally, which make it impossible to use Bayesian network theory to calculate state probabilities. In this paper we provide a systematic approach to analyse and perform computations over cyclic Bayesian attack graphs. We present an interpretation of Bayesian attack graphs based on combinational logic circuits, which facilitates an intuitively attractive systematic treatment of cycles. We prove properties of the associated logic circuit and present an algorithm that computes state probabilities without altering the attack graphs (e.g., remove an arc to remove a cycle). Moreover, our algorithm deals seamlessly with any cycle without the need to identify their type. A set of experiments demonstrates the scalability of the algorithm on computer networks with hundreds of machines, each with multiple vulnerabilities.

Nowadays, the Internet of Things (IoT) is playing an important role in our life. This inevitably generates mass data and requires a more secure transmission. As blockchain technology can build trust in a distributed environment and ensure the data traceability and tamper resistance, it is a promising way to support IoT data transmission and sharing. In this paper, edge computing is considered to provide adequate resources for end users to offload computing tasks in the blockchain enabled IoT system, and the node pairing problem between end users and edge computing servers is researched with the consideration of wireless channel quality and the service quality. From the perspective of the end users, the objective optimization is designed to maximize the profits and minimize the payments for completing the tasks and ensuring the resource limits of the edge servers at the same time. The deep reinforcement learning (DRL) method is utilized to train an intelligent strategy, and the policy gradient based node pairing (PG-NP) algorithm is proposed. Through a deep neural network, the well-trained policy matched the system states to the optimal actions. The REINFORCE algorithm with baseline is applied to train the policy network. According to the training results, as the comparison strategies are max-credit, max-SINR, random and max-resource, the PG-NP algorithm performs about 57% better than the second-best method. And testing results show that PGNP also has a good generalization ability which is negatively correlated with the training performance to a certain extend.