Biblio

In existing Communication Based Train Control (CBTC) system, information security threats are analyzed, then information security demands of CBTC system are put forward. To protect information security, three security domains are divided according the Safety Integrity Level (SIL)) of CBTC system. Information security architecture of CBTC system is designed, special use firewalls and intrusion detection system are adopted. Through this CBTC system security are enhanced and operation safety is ensured.

Batched network coding (BNC) is a low-complexity solution to network transmission in feedbackless multi-hop packet networks with packet loss. BNC encodes the source data into batches of packets. As a network coding scheme, the intermediate nodes perform recoding on the received packets instead of just forwarding them. Blockwise adaptive recoding (BAR) is a recoding strategy which can enhance the throughput and adapt real-time changes in the incoming channel condition. In wireless applications, in order to combat burst packet loss, interleavers can be applied for BNC in a hop-by-hop manner. In particular, a batch-stream interleaver that permutes packets across blocks can be applied with BAR to further boost the throughput. However, the previously proposed minimal communication protocol for BNC only supports permutation of packets within a block, called intrablock interleaving, and so it is not compatible with the batch-stream interleaver. In this paper, we design an intrablock interleaver for BAR that is backward compatible with the aforementioned minimal protocol, so that the throughput can be enhanced without upgrading all the existing devices.

Underwater wireless sensor network(UWSN) is an emerging technology for exploring and research inside the ocean. Since it is somehow similar to the normal wireless network, which uses radio signals for communication purposes, while UWSN uses acoustic for communication between nodes inside the ocean and sink nodes. Due to unattended areas and the vulnerability of acoustic medium, UWNS are more prone to various malicious attacks like Sybil attack, Black-hole attack, Wormhole attack, etc. This paper analyzes blackhole attacks in UWSN and proposes an algorithm to mitigate blackhole attacks by forming clusters of nodes and selecting coordinator nodes from each cluster to identify the presence of blackholes in its cluster. We used public-key cryptography and the challenge-response method to authenticate and verify nodes.

Web caching is one strategy that can be used to speed up response times by storing frequently accessed data in the cache server. Given the cache server limited capacity, it is necessary to determine the priority of cached data that can enter the cache server. This study simulated cached data prioritization based on an objective function as a characteristic of problem-solving using an optimization approach. The objective function of web caching is formulated based on the variable data size, count access, and frequency-time access. Then we use the knapsack problem method to find the optimal solution. The Simulations run three swarm intelligence algorithms Ant Colony Optimization (ACO), Genetic Algorithm (GA), and Binary Particle Swarm Optimization (BPSO), divided into several scenarios. The simulation results show that the GA algorithm relatively stable and fast to convergence. The ACO algorithm has the advantage of a non-random initial solution but has followed the pheromone trail. The BPSO algorithm is the fastest, but the resulting solution quality is not as good as ACO and GA.

With advantages of low cost, high mobility, and flexible deployment, unmanned aerial vehicle (UAVs) are employed to efficiently detect abnormal vehicle behaviors (AVBs) in the internet of vehicles (IoVs). However, due to limited resources including battery, computing, and communication, UAVs are selfish to work cooperatively. To solve the above problem, in this paper, a game theoretical UAV incentive scheme in IoVs is proposed. Specifically, the abnormal behavior model is first constructed, where three model categories are defined: velocity abnormality, distance abnormality, and overtaking abnormality. Then, the barging pricing framework is designed to model the interactions between UAVs and IoVs, where the transaction prices are determined with the abnormal behavior category detected by UAVs. At last, simulations are conducted to verify the feasibility and effectiveness of our proposed scheme.

Smart meter devices enable a better understanding of the demand at the potential risk of private information leakage. One promising solution to mitigating such risk is to inject noises into the meter data to achieve a certain level of differential privacy. In this paper, we cast one-shot non-intrusive load monitoring (NILM) in the compressive sensing framework, and bridge the gap between theoretical accuracy of NILM inference and differential privacy's parameters. We then derive the valid theoretical bounds to offer insights on how the differential privacy parameters affect the NILM performance. Moreover, we generalize our conclusions by proposing the hierarchical framework to solve the multishot NILM problem. Numerical experiments verify our analytical results and offer better physical insights of differential privacy in various practical scenarios. This also demonstrates the significance of our work for the general privacy preserving mechanism design.

We propose a secure and efficient implementation of fungible tokens on Bitcoin. Our technique is based on a small extension of the Bitcoin script language, which allows the spending conditions in a transaction to depend on the neighbour transactions. We show that our implementation is computationally sound: that is, adversaries can make tokens diverge from their ideal functionality only with negligible probability.

Existing group shilling attack detection methods mainly depend on human feature engineering to extract group attack behavior features, which requires a high knowledge cost. To address this problem, we propose a group shilling attack detection method based on maximum density subtensor mining. First, the rating time series of each item is divided into time windows and the item tensor groups are generated by establishing the user-rating-time window data models of three-dimensional tensor. Second, the M-Zoom model is applied to mine the maximum dense subtensor of each item, and the subtensor groups with high consistency of behaviors are selected as candidate groups. Finally, a dual-input convolutional neural network model is designed to automatically extract features for the classification of real users and group attack users. The experimental results on the Amazon and Netflix datasets show the effectiveness of the proposed method.

In a group shilling attack, attackers work collaboratively to inject fake profiles aiming to obtain desired recommendation result. This type of attacks is more harmful to recommender systems than individual shilling attacks. Previous studies pay much attention to detect individual attackers, and little work has been done on the detection of shilling groups. In this work, we introduce a topic modeling method of natural language processing into shilling attack detection and propose a shilling group detection method on the basis of hierarchical topic model. First, we model the given dataset to a series of user rating documents and use the hierarchical topic model to learn the specific topic distributions of each user from these rating documents to describe user rating behaviors. Second, we divide candidate groups based on rating value and rating time which are not involved in the hierarchical topic model. Lastly, we calculate group suspicious degrees in accordance with several indicators calculated through the analysis of user rating distributions, and use the k-means clustering algorithm to distinguish shilling groups. The experimental results on the Netflix and Amazon datasets show that the proposed approach performs better than baseline methods.

Spatial crowdsourcing has stimulated various new applications such as taxi calling and food delivery. A key enabler for these spatial crowdsourcing based applications is to plan routes for crowd workers to execute tasks given diverse requirements of workers and the spatial crowdsourcing platform. Despite extensive studies on task planning in spatial crowdsourcing, few have accounted for the location privacy of tasks, which may be misused by an untrustworthy platform. In this paper, we explore efficient task planning for workers while protecting the locations of tasks. Specifically, we define the Privacy-Preserving Task Planning (PPTP) problem, which aims at both total revenue maximization of the platform and differential privacy of task locations. We first apply the Laplacian mechanism to protect location privacy, and analyze its impact on the total revenue. Then we propose an effective and efficient task planning algorithm for the PPTP problem. Extensive experiments on both synthetic and real datasets validate the advantages of our algorithm in terms of total revenue and time cost.

The rapid development of machine learning technology has prompted the applications of Automatic Speech Recognition(ASR). However, studies have shown that the state-of-the-art ASR technologies are still vulnerable to various attacks, which undermines the stability of ASR destructively. In general, most of the existing attack techniques for the ASR model are based on white box scenarios, where the adversary uses adversarial samples to generate a substituted model corresponding to the target model. On the contrary, there are fewer attack schemes in the black-box scenario. Moreover, no scheme considers the problem of how to construct the architecture of the substituted models. In this paper, we point out that constructing a good substituted model architecture is crucial to the effectiveness of the attack, as it helps to generate a more sophisticated set of adversarial examples. We evaluate the performance of different substituted models by comprehensive experiments, and find that ensemble substituted models can achieve the optimal attack effect. The experiment shows that our approach performs attack over 80% success rate (2% improvement compared to the latest work) meanwhile maintaining the authenticity of the original sample well.

In recent years, the application of style transfer has become more and more widespread. Traditional deep learning-based style transfer networks often have problems such as image distortion, loss of detailed information, partial content disappearance, and transfer errors. The style transfer network based on deep learning that we propose in this article is aimed at dealing with these problems. Our method uses image edge information fusion and semantic segmentation technology to constrain the image structure before and after the migration, so that the converted image maintains structural consistency and integrity. We have verified that this method can successfully suppress image conversion distortion in most scenarios, and can generate good results.

Advanced persistent threat (APT) attackers usually conduct a large number of network reconnaissance before a formal attack to discover exploitable vulnerabilities in the target network and system. The static configuration in traditional network systems provides a great advantage for adversaries to find network targets and launch attacks. To reduce the effectiveness of adversaries' continuous reconnaissance attacks, this paper develops a moving target defense (MTD) enhanced cyber deception defense system based on software-defined networks (SDN). The system uses virtual network topology to confuse the target network and system information collected by adversaries. Also Besides, it uses IP address randomization to increase the dynamics of network deception to enhance its defense effectiveness. Finally, we implemented the system prototype and evaluated it. In a configuration where the virtual network topology scale is three network segments, and the address conversion cycle is 30 seconds, this system delayed the adversaries' discovery of vulnerable hosts by an average of seven times, reducing the probability of adversaries successfully attacking vulnerable hosts by 83%. At the same time, the increased system overhead is basically within 10%.

Due to the wide deployment of deep learning applications in safety-critical systems, robust and secure execution of deep learning workloads is imperative. Adversarial examples, where the inputs are carefully designed to mislead the machine learning model is among the most challenging attacks to detect and defeat. The most dominant approach for defending against adversarial examples is to systematically create a network architecture that is sufficiently robust. Neural Architecture Search (NAS) has been heavily used as the de facto approach to design robust neural network models, by using the accuracy of detecting adversarial examples as a key metric of the neural network's robustness. While NAS has been proven effective in improving the robustness (and accuracy in general), the NAS-generated network models run noticeably slower on typical DNN accelerators than the hand-crafted networks, mainly because DNN accelerators are not optimized for robust NAS-generated models. In particular, the inherent multi-branch nature of NAS-generated networks causes unacceptable performance and energy overheads.To bridge the gap between the robustness and performance efficiency of deep learning applications, we need to rethink the design of AI accelerators to enable efficient execution of robust (auto-generated) neural networks. In this paper, we propose a novel hardware architecture, NASGuard, which enables efficient inference of robust NAS networks. NASGuard leverages a heuristic multi-branch mapping model to improve the efficiency of the underlying computing resources. Moreover, NASGuard addresses the load imbalance problem between the computation and memory-access tasks from multi-branch parallel computing. Finally, we propose a topology-aware performance prediction model for data prefetching, to fully exploit the temporal and spatial localities of robust NAS-generated architectures. We have implemented NASGuard with Verilog RTL. The evaluation results show that NASGuard achieves an average speedup of 1.74× over the baseline DNN accelerator.

Intrusion detection is a traditional practice of security experts, however, there are several issues which still need to be tackled. Therefore, in this paper, after highlighting these issues, we present an architecture for a hybrid Intrusion Detection System (IDS) for an adaptive and incremental detection of both known and unknown attacks. The IDS is composed of supervised and unsupervised modules, namely, a Deep Neural Network (DNN) and the K-Nearest Neighbors (KNN) algorithm, respectively. The proposed system is near-autonomous since the intervention of the expert is minimized through the active learning (AL) approach. A query strategy for the labeling process is presented, it aims at teaching the supervised module to detect unknown attacks and improve the detection of the already-known attacks. This teaching is achieved through sliding windows (SW) in an incremental fashion where the DNN is retrained when the data is available over time, thus rendering the IDS adaptive to cope with the evolutionary aspect of the network traffic. A set of experiments was conducted on the CICIDS2017 dataset in order to evaluate the performance of the IDS, promising results were obtained.

The network security problem brought by the cloud computing has become an important issue to be dealt with in information construction. Since anomaly detection and attack detection in cloud environment need to find the vulnerability through the reverse analysis of data flow, it is of great significance to carry out the reverse analysis of unknown network protocol in the security application of cloud environment. To solve this problem, an improved mining method on bitstream protocol association rules with unknown type and format is proposed. The method combines the location information of the protocol framework to make the frequent extraction process more concise and accurate. In addition, for the frame separation problem of unknown protocol, we design a hierarchical clustering algorithm based on Jaccard distance and a frame field delimitation method based on the proximity of information entropy between bytes. The experimental results show that this technology can correctly resolve the protocol format and realize the purpose of anomaly detection in cloud computing, and ensure the security of cloud services.

With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.

Intelligent reflecting surfaces (IRS) can improve the physical layer security (PLS) by providing a controllable wireless environment. In this paper, we propose a novel PLS technique with the help of IRS implemented by an intelligent mirror array for the visible light communication (VLC) system. First, for the IRS aided VLC system containing an access point (AP), a legitimate user and an eavesdropper, the IRS channel gain and a lower bound of the achievable secrecy rate are derived. Further, to enhance the IRS channel gain of the legitimate user while restricting the IRS channel gain of the eavesdropper, we formulate an achievable secrecy rate maximization problem for the proposed IRS-aided PLS technique to find the optimal orientations of mirrors. Since the sensitivity of mirrors’ orientations on the IRS channel gain makes the optimization problem hard to solve, we transform the original problem into a reflected spot position optimization problem and solve it by a particle swarm optimization (PSO) algorithm. Our simulation results show that secrecy performance can be significantly improved by adding an IRS in a VLC system.

With the development of open source projects, a large number of open source codes will be reused in binary software, and bugs in source codes will also be introduced into binary codes. In order to detect the reused open source codes in binary codes, it is sometimes necessary to compare and analyze the similarity between source codes and binary codes. One of the main challenge is that the compilation process can generate different binary code representations for the same source code, such as different compiler versions, compilation optimization options and target architectures, which greatly increases the difficulty of semantic similarity detection between source code and binary code. In order to solve the influence of the compilation process on the comparison of semantic similarity of codes, this paper transforms the source code and binary code into LLVM intermediate representation (LLVM IR), which is a universal intermediate representation independent of source code and binary code. We carry out semantic feature extraction and embedding training on LLVM IR based on natural language processing model. Experimental results show that LLVM IR eliminates the influence of compilation on the syntax differences between source code and binary code, and the semantic features of code are well represented and preserved.

With the rapid development of the electric power Internet-of-Things (power IoT) technology and the widespread use of general-purpose software, hardware and network facilities, the power IoT has become more and more open, which makes the traditional power system face new cyber security threats. In order to find the vulnerable device nodes and attack links in the power IoT system, this paper studies a set of attack path calculation methods and vulnerability node discovery algorithms, which can construct a power IoT attack simulation program based on the value of equipment assets and information attributes. What’s more, this paper has carried on the example analysis and verification on the improved IEEE RBTS Bus 2 system. Based on the above research plan, this paper finally developed a set of power IoT attack simulation tool based on distribution electronic stations, which can well find the vulnerable devices in the system.

This work proposes an event-triggered adaptive asymptotic tracking control scheme for flexible robotic manipulators. Firstly, by employing the command filtered backstepping technology, the ``explosion of complexity'' problem is overcame. Then, the event-triggered strategy is utilized which makes that the control input is updated aperiodically when the event-trigger occurs. The utilized event-triggered mechanism reduces the transmission frequency of computer and saves computer resources. Moreover, it can be proved that all the variables in the closed-loop system are bounded and the tracking error converges asymptotically to zero. Finally, the simulation studies are included to show the effectiveness of the proposed control scheme.

Particle filtering is an indispensable method for non-Gaussian state estimation, but it has some problems, such as particle degradation and requiring a large number of particles to ensure accuracy. Biota intelligence algorithms led by Cuckoo (CS) and Firefly (FA) have achieved certain results after introducing particle filtering, respectively. This paper respectively in the two kinds of bionic algorithm convergence factor and adaptive step length and random mobile innovation, seized the cuckoo algorithm (CS) in the construction of the initial value and the firefly algorithm (FA) in the iteration convergence advantages, using the improved after the update mechanism of cuckoo algorithm optimizing the initial population, and will be updated after optimization way of firefly algorithm combined with particle filter. Experimental results show that this method can ensure the diversity of particles and greatly reduce the number of particles needed for prediction while improving the filtering accuracy.

In this paper, we consider a wireless federated learning (FL) system concerning differential privacy (DP) guarantee, where multiple edge devices collaboratively train a shared model under the coordination of a central base station (BS) through over-the-air computation (AirComp). However, due to the heterogeneity of wireless links, it is difficult to achieve the optimal trade-off between model privacy and accuracy during the FL model aggregation. To address this issue, we propose to utilize the reconfigurable intelligent surface (RIS) technology to mitigate the communication bottleneck in FL by reconfiguring the wireless propagation environment. Specifically, we aim to minimize the model optimality gap while strictly meeting the DP and transmit power constraints. This is achieved by jointly optimizing the device transmit power, artificial noise, and phase shifts at RIS, followed by developing a two-step alternating minimization framework. Simulation results will demonstrate that the proposed RIS-assisted FL model achieves a better trade-off between accuracy and privacy than the benchmarks.

In order to guarantee the normal operation of the power Internet of things devices, the zero-trust idea was used for studying the security protection strategies of devices from four aspects: user authentication, equipment trust, application integrity and flow baselines. Firstly, device trust is constructed based on device portrait; then, verification of device application integrity based on MD5 message digest algorithm to achieve device application trustworthiness. Next, the terminal network traffic baselines are mined from OpenFlow, a southbound protocol in SDN. Finally, according to the dynamic user trust degree attribute access control model, the comprehensive user trust degree was obtained by weighting the direct trust degree. It obtained from user authentication and the trust degree of user access to terminal communication traffic. And according to the comprehensive trust degree, users are assigned the minimum authority to access the terminal to realize the security protection of the terminal. According to the comprehensive trust degree, the minimum permissions for users to access the terminal were assigned to achieve the security protection of the terminal. The research shows that the zero-trust mechanism is applied to the terminal security protection of power Internet of Things, which can improve the reliability of the safe operation of terminal equipment.

This paper studies the secure computation offloading for multi-user multi-server mobile edge computing (MEC)-enabled internet of things (IoT). A novel jamming signal scheme is designed to interfere with the decoding process at the Eve, but not impair the uplink task offloading from users to APs. Considering offloading latency and secrecy constraints, this paper studies the joint optimization of communication and computation resource allocation, as well as partial offloading ratio to maximize the total secrecy offloading data (TSOD) during the whole offloading process. The considered problem is nonconvex, and we resort to block coordinate descent (BCD) method to decompose it into three subproblems. An efficient iterative algorithm is proposed to achieve a locally optimal solution to power allocation subproblem. Then the optimal computation resource allocation and offloading ratio are derived in closed forms. Simulation results demonstrate that the proposed algorithm converges fast and achieves higher TSOD than some heuristics.