Biblio

Server-side web applications are vulnerable to request races. While some previous studies of real-world request races exist, they primarily focus on the root cause of these bugs. To better combat request races in server-side web applications, we need a deep understanding of their characteristics. In this paper, we provide a complementary focus on race effects and fixes with an enlarged set of request races from web applications developed with Object-Relational Mapping (ORM) frameworks. We revisit characterization questions used in previous studies on newly included request races, distinguish the external and internal effects of request races, and relate requestrace fixes with concurrency control mechanisms in languages and frameworks for developing server-side web applications. Our study reveals that: (1) request races from ORM-based web applications share the same characteristics as those from raw-SQL web applications; (2) request races violating application semantics without explicit crashes and error messages externally are common, and latent request races, which only corrupt some shared resource internally but require extra requests to expose the misbehavior, are also common; and (3) various fix strategies other than using synchronization mechanisms are used to fix request races. We expect that our results can help developers better understand request races and guide the design and development of tools for combating request races.

This paper studies the problem of designing optimal privacy mechanism with less energy cost. The eavesdropper and the defender with limited resources should choose which channel to eavesdrop and defend, respectively. A zero-sum stochastic game framework is used to model the interaction between the two players and the game is solved through the Nash Q-learning approach. A numerical example is given to verify the proposed method.

In the last decade, numerous Industrial IoT systems have been deployed. Attack vectors and security solutions for these are an active area of research. However, to the best of our knowledge, only very limited insight in the applicability and real-world comparability of attacks exists. To overcome this widespread problem, we have developed and realized an approach to collect attack traces at a larger scale. An easily deployable system integrates well into existing networks and enables the investigation of attacks on unmodified commercial devices.

When applied to short-term energy consumption forecasting, the federated learning framework allows for the creation of a predictive model without sharing raw data. There is a limit to the accuracy achieved by standard federated learning due to the heterogeneity of the individual clients' data, especially in the case of electricity data, where prediction of peak demand is a challenge. A set of clustering techniques has been explored in the literature to improve prediction quality while maintaining user privacy. These studies have mainly been conducted using sets of clients with similar attributes that may not reflect real-world consumer diversity. This paper explores, implements and compares these clustering techniques for privacy-preserving load forecasting on a representative electricity consumption dataset. The experimental results demonstrate the effects of electricity consumption heterogeneity on federated forecasting and a non-representative sample's impact on load forecasting.

Recent approaches have proven the effectiveness of local outlier factor-based outlier detection when applied over traffic flow probability distributions. However, these approaches used distance metrics based on the Bhattacharyya coefficient when calculating probability distribution similarity. Consequently, the limited expressiveness of the Bhattacharyya coefficient restricted the accuracy of the methods. The crucial deficiency of the Bhattacharyya distance metric is its inability to compare distributions with non-overlapping sample spaces over the domain of natural numbers. Traffic flow intensity varies greatly, which results in numerous non-overlapping sample spaces, rendering metrics based on the Bhattacharyya coefficient inappropriate. In this work, we address this issue by exploring alternative distance metrics and showing their applicability in a massive real-life traffic flow data set from 26 vital intersections in The Hague. The results on these data collected from 272 sensors for more than two years show various advantages of the Earth Mover's distance both in effectiveness and efficiency.

Given the COVID-19 pandemic, this paper aims at providing a full-process information system to support the detection of pathogens for a large range of populations, satisfying the requirements of light weight, low cost, high concurrency, high reliability, quick response, and high security. The project includes functional modules such as sample collection, sample transfer, sample reception, laboratory testing, test result inquiry, pandemic analysis, and monitoring. The progress and efficiency of each collection point as well as the status of sample transfer, reception, and laboratory testing are all monitored in real time, in order to support the comprehensive surveillance of the pandemic situation and support the dynamic deployment of pandemic prevention resources in a timely and effective manner. Deployed on a cloud platform, this system can satisfy ultra-high concurrent data collection requirements with 20 million collections per day and a maximum of 5 million collections per hour, due to its advantages of high concurrency, elasticity, security, and manageability. This system has also been widely used in Jiangsu, Shaanxi provinces, for the prevention and control of COVID-19 pandemic. Over 100 million NAT data have been collected nationwide, providing strong informational support for scientific and reasonable formulation and execution of COVID-19 prevention plans.

In the process of crowdsourced testing service, the intellectual property of crowdsourced testing has been faced with problems such as code plagiarism, difficulties in confirming rights and unreliability of data. Blockchain is a decentralized, tamper-proof distributed ledger, which can help solve current problems. This paper proposes an intellectual property right confirmation system oriented to crowdsourced testing services, combined with blockchain, IPFS (Interplanetary file system), digital signature, code similarity detection to realize the confirmation of crowdsourced testing intellectual property. The performance test shows that the system can meet the requirements of normal crowdsourcing business as well as high concurrency situations.

With a record 400Gbps 100-piece-FPGA implementation, we investigate performance of the potential FEC schemes for OIF-800GZR. By comparing the power dissipation and correction threshold at 10−15 BER, we proposed the simplified OFEC for the 800G-ZR FEC.

Onion Routing is an encrypted communication system developed by the U.S. Naval Laboratory that uses existing Internet equipment to communicate anonymously. Miscreants use this means to conduct illegal transactions in the dark web, posing a security risk to citizens and the country. For this means of anonymous communication, website fingerprinting methods have been used in existing studies. These methods often have high overhead and need to run on devices with high performance, which makes the method inflexible. In this paper, we propose a lightweight method to address the high overhead problem that deep learning website fingerprinting methods generally have, so that the method can be applied on common devices while also ensuring accuracy to a certain extent. The proposed method refers to the structure of Inception net, divides the original larger convolutional kernels into smaller ones, and uses group convolution to reduce the website fingerprinting and computation to a certain extent without causing too much negative impact on the accuracy. The method was experimented on the data set collected by Rimmer et al. to ensure the effectiveness.

Demand response has emerged as one of the most promising methods for the deployment of sustainable energy systems. Attempts to democratize demand response and establish programs for residential consumers have run into scalability issues and risks of leaking sensitive consumer data. In this work, we propose a privacy-friendly, incentive-based demand response market, where consumers offer their flexibility to utilities in exchange for a financial compensation. Consumers submit encrypted offer which are aggregated using Computation Over Encrypted Data to ensure consumer privacy and the scalability of the approach. The optimal allocation of flexibility is then determined via double-auctions, along with the optimal consumption schedule for the users with respect to the day-ahead electricity prices, thus also shielding participants from high electricity prices. A case study is presented to show the effectiveness of the proposed approach.

The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.

In this work, we consider the application of the nonstationary channel polarization theory on the wiretap channel model with non-stationary blocks. Particularly, we present a time-bit coding scheme which is a secure polar codes that constructed on the virtual bit blocks by using the non-stationary channel polarization theory. We have proven that this time-bit coding scheme achieves reliability, strong security and the secrecy capacity. Also, compared with regular secure polar coding methods, our scheme has a lower coding complexity for non-stationary channel blocks.

According to the characteristics of security threats and massive users in power mobile applications, a mobile application security situational awareness method based on big data architecture is proposed. The method uses open-source big data technology frameworks such as Kafka, Flink, Elasticsearch, etc. to complete the collection, analysis, storage and visual display of massive power mobile application data, and improve the throughput of data processing. The security situation awareness method of power mobile application takes the mobile terminal threat index as the core, divides the risk level for the mobile terminal, and predicts the terminal threat index through support vector machine regression algorithm (SVR), so as to construct the security profile of the mobile application operation terminal. Finally, through visualization services, various data such as power mobile applications and terminal assets, security operation statistics, security strategies, and alarm analysis are displayed to guide security operation and maintenance personnel to carry out power mobile application security monitoring and early warning, banning disposal and traceability analysis and other decision-making work. The experimental analysis results show that the method can meet the requirements of security situation awareness for threat assessment accuracy and response speed, and the related results have been well applied in a power company.

The features of socio-cyber-physical systems are presented, which dictate the need to revise traditional management methods and transform the management system in such a way that it takes into account the presence of a person both in the control object and in the control loop. The use of situational control mechanisms is proposed. The features of this approach and its comparison with existing methods of situational awareness are presented. The comparison has demonstrated wider possibilities and scope for managing socio-cyber-physical systems. It is recommended to consider a wider class of types of relations that exist in socio-cyber-physical systems. It is indicated that such consideration can be based on the use of pseudo-physical logics considered in situational control. It is pointed out that it is necessary to design a classifier of situations (primarily in cyberspace), instead of traditional classifiers of threats and intruders.

Over the past decade, smart grids have been widely implemented. Real-time pricing can better address demand-side management in smart grids. Real-time pricing requires managers to interact more with consumers at the data level, which raises many privacy threats. Thus, we introduce differential privacy into the Real-time pricing for privacy protection. However, differential privacy leaves more space for an adversary to compromise the robustness of the system, which has not been well addressed in the literature. In this paper, we propose a novel active attack detection scheme against stealthy attacks, and then give the proof of correctness and effectiveness of the proposed scheme. Further, we conduct extensive experiments with real datasets from CER to verify the detection performance of the proposed scheme.

With the development of the information age, the process of global networking continues to deepen, and the cyberspace security has become an important support for today’s social functions and social activities. Web applications which have many security risks are the most direct interactive way in the process of the Internet activities. That is why the web applications face a large number of network attacks. Interpretive dynamic programming languages are easy to lean and convenient to use, they are widely used in the development of cross-platform web systems. As well as benefit from these advantages, the web system based on those languages is hard to detect errors and maintain the complex system logic, increasing the risk of system vulnerability and cyber threats. The attack defense of systems based on interpretive dynamic programming languages is widely concerned by researchers. Since the advance of endogenous security technologies, there are breakthroughs on the research of web system security. Compared with traditional security defense technologies, these technologies protect the system with their uncertainty, randomness and dynamism. Based on several common network attacks, the traditional system security defense technology and endogenous security technology of web application based on interpretive dynamic languages are surveyed and compared in this paper. Furthermore, the possible research directions of those technologies are discussed.

The complexity and scale of modern software programs often lead to overlooked programming errors and security vulnerabilities. Developers often rely on automatic tools, like static analysis tools, to look for bugs and vulnerabilities. Static analysis tools are widely used because they can understand nontrivial program behaviors, scale to millions of lines of code, and detect subtle bugs. However, they are known to generate an excess of false alarms which hinder their utilization as it is counterproductive for developers to go through a long list of reported issues, only to find a few true positives. One of the ways proposed to suppress false positives is to use machine learning to identify them. However, training machine learning models requires good quality labeled datasets. For this purpose, we developed D2A [3], a differential analysis based approach that uses the commit history of a code repository to create a labeled dataset of Infer [2] static analysis output.

The security of Energy Data collection is the basis of achieving reliability and security intelligent of smart grid. The newest security communication of Data collection is Zero Trust communication; The Strategy of Zero Trust communication is that don’t trust any device of outside or inside. Only that device authenticate is successful and software and hardware is more security, the Energy intelligent power system allow the device enroll into network system, otherwise deny these devices. When the device has been communicating with the Energy system, the Zero Trust still need to detect its security and vulnerability, if device have any security issue or vulnerability issue, the Zero Trust deny from network system, it ensures that Energy power system absolute security, which lays a foundation for the security analysis of intelligent power unit.

This article discusses a threat and vulnerability analysis model that allows you to fully analyze the requirements related to information security in an organization and document the results of the analysis. The use of this method allows avoiding and preventing unnecessary costs for security measures arising from subjective risk assessment, planning and implementing protection at all stages of the information systems lifecycle, minimizing the time spent by an information security specialist during information system risk assessment procedures by automating this process and reducing the level of errors and professional skills of information security experts. In the initial sections, the common methods of risk analysis and risk assessment software are analyzed and conclusions are drawn based on the results of comparative analysis, calculations are carried out in accordance with the proposed model.

From the perspective of time domain, the propagation characteristics of sound waves in seawater can be seen more intuitively. In order to study the influence and characteristics of seamount on low frequency acoustic propagation, the research of this paper used the Finite Element Method (FEM) based on time domain to set up a full-waveguide low-frequency acoustic propagation simulation model, and discussed the influencing laws about acoustic propagation on seamount. The simulation results show that Seamounts can hinder the propagation of sound waves, weaken the energy of sound waves. The topographic changes of seamounts can cause the coupling and transformation of acoustic signals during the propagation which can stimulate the seabed interface wave.

In healthcare 4.0 ecosystems, authentication of healthcare information allows health stakeholders to be assured that data is originated from correct source. Recently, biometric based authentication is a preferred choice, but as the templates are stored on central servers, there are high chances of copying and generating fake biometrics. An adversary can forge the biometric pattern, and gain access to critical health systems. Thus, to address the limitation, the paper proposes a scheme, PHBio, where an encryption-based biometric system is designed prior before storing the template to the server. Once a user provides his biometrics, the authentication process does not decrypt the data, rather uses a homomorphic-enabled Paillier cryptosystem. The scheme presents the encryption and the comparison part which is based on euclidean distance (EUD) strategy between the user input and the stored template on the server. We consider the minimum distance, and compare the same with a predefined threshold distance value to confirm a biometric match, and authenticate the user. The scheme is compared against parameters like accuracy, false rejection rates (FARs), and execution time. The proposed results indicate the validity of the scheme in real-time health setups.

Mobile Ad-hoc Networks (MANETs) have attracted lots of concerns with its widespread use. In MANETs, wireless nodes usually self-organize into groups to complete collaborative tasks and communicate with one another via public channels which are vulnerable to attacks. Group key management is generally employed to guarantee secure group communication in MANETs. However, most existing group key management schemes for MANETs still suffer from some issues, e.g., receiver restriction, relying on a trusted dealer and heavy certificates overheads. To address these issues, we propose a group key management scheme for MANETs based on an identity-based authenticated dynamic contributory broadcast encryption (IBADConBE) protocol which builds on an earlier work. Our scheme abandons the certificate management and does not need a trusted dealer to distribute a secret key to each node. A set of wireless nodes are allowed to negotiate the secret keys in one round while forming a group. Besides, our scheme is receiver-unrestricted which means any sender can flexibly opt for any favorable nodes of a group as the receivers. Further, our scheme satisfies the authentication, confidentiality of messages, known-security, forward security and backward security concurrently. Performance evaluation shows our scheme is efficient.

Swarm learning (SL) is an emerging promising decentralized machine learning paradigm and has achieved high performance in clinical applications. SL solves the problem of a central structure in federated learning by combining edge computing and blockchain-based peer-to-peer network. While there are promising results in the assumption of the independent and identically distributed (IID) data across participants, SL suffers from performance degradation as the degree of the non-IID data increases. To address this problem, we propose a generative augmentation framework in swarm learning called SL-GAN, which augments the non-IID data by generating the synthetic data from participants. SL-GAN trains generators and discriminators locally, and periodically aggregation via a randomly elected coordinator in SL network. Under the standard assumptions, we theoretically prove the convergence of SL-GAN using stochastic approximations. Experimental results demonstrate that SL-GAN outperforms state-of-art methods on three real world clinical datasets including Tuberculosis, Leukemia, COVID-19.

As the cyberspace structure becomes more and more complex, the problems of dynamic network space topology, complex composition structure, large spanning space scale, and a high degree of self-organization are becoming more and more important. In this paper, we model the cyberspace elements and their dependencies by combining the knowledge of graph theory. Layer adopts a network space modeling method combining virtual and real, and level adopts a spatial iteration method. Combining the layer-level models into one, this paper proposes a fast modeling method for cyberspace security structure model with network connection relationship, hierarchical relationship, and vulnerability information as input. This method can not only clearly express the individual vulnerability constraints in the network space, but also clearly express the hierarchical relationship of the complex dependencies of network individuals. For independent network elements or independent network element groups, it has flexibility and can greatly reduce the computational complexity in later applications.

This paper focuses on the system on wireless sensor networks. The system is linear and the time of the system is discrete as well as variable, which named discrete-time linear time-varying systems (DLTVS). DLTVS are vulnerable to network attacks when exchanging information between sensors in the network, as well as putting their security at risk. A DLTVS with privacy-preserving is designed for this purpose. A set-membership estimator is designed by adding privacy noise obeying the Laplace distribution to state at the initial moment. Simultaneously, the differential privacy of the system is analyzed. On this basis, the real state of the system and the existence form of the estimator for the desired distribution are analyzed. Finally, simulation examples are given, which prove that the model after adding differential privacy can obtain accurate estimates and ensure the security of the system state.