Biblio

Smart grid has evolved as the next generation power grid paradigm which enables the transfer of real time information between the utility company and the consumer via smart meter and advanced metering infrastructure (AMI). These information facilitate many services for both, such as automatic meter reading, demand side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built with both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator for the presence of ongoing attacks. Hence, there has been lots of research conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common approaches of pattern recognition are used for imbalanced data which represent much more data instances belonging to normal behaviors than to attack ones, and these approaches cause low detection rates for minority classes. In this paper, we study various machine learning models to overcome this drawback by using CIC-IDS2018 dataset [1].

The need for performing deep neural network inferences on resource-constrained embedded devices (e.g., Internet of Things nodes) requires specialized architectures to achieve the best trade-off among performance, energy, and cost. One of the most promising architectures in this context is based on massive parallel and specialized cores interconnected by means of a Network-on-Chip (NoC). In this paper, we extensively evaluate NoC-based deep neural network accelerators by exploring the design space spanned by several architectural parameters including, network size, routing algorithm, local memory size, link width, and number of memory interfaces. We show how latency is mainly dominated by the on-chip communication whereas energy consumption is mainly accounted by memory (both on-chip and off-chip). The outcome of the analysis, thus, pushes toward a research line devoted to the optimization of the on-chip communication fabric and the memory subsystem for performance improvement and energy efficiency, respectively.

The traditional network used today is unable to meet the increasing needs of technology in terms of management, scaling, and performance criteria. Major developments in information and communication technologies show that the traditional network structure is quite lacking in meeting the current requirements. In order to solve these problems, Software Defined Network (SDN) is capable of responding as it, is flexible, easier to manage and offers a new structure. Software Defined Networks have many advantages over traditional network structure. However, it also brings along many security threats due to its new architecture. For example, the DoS attack, which overloads the controller's processing and communication capacity in the SDN structure, is a significant threat. Mobile Ad Hoc Network (MANET), which is one of the wireless network technologies, is different from SDN technology. MANET is exposed to various attacks such as DoS due to its security vulnerabilities. The aim of the study is to reveal the security problems in SDN structure presented with a new understanding. This is based on the currently used network structures such as MANET. The study consists of two parts. First, DoS attacks against the SDN controller were performed. Different SDN controllers were used for more accurate results. Second, MANET was established and DoS attacks against this network were performed. Different MANET routing protocols were used for more accurate results. According to the scenario, attacks were performed and the performance values of the networks were tested. The reason for using two different networks in this study is to compare the performance values of these networks at the time of attack. According to the test results, both networks were adversely affected by the attacks. It was observed that network performance decreased in MANET structure but there was no network interruption. The SDN controller becomes dysfunctional and collapses as a result of the attack. While the innovations offered by the SDN structure are expected to provide solutions to many problems in traditional networks, there are still many vulnerabilities for network security.

Mobile Ad-hoc NETwork (MANET) is a collection of mobile devices which interchange information without the use of predefined infrastructures or central administration. It is employed in many domains such as military and commercial sectors, data and sensors networks, low level applications, etc. The important constraints in this network are the limitation of bandwidth, processing capabilities and battery life. The choice of an effective routing protocol is primordial. From many routing protocols developed for MANET, OLSR protocol is a widely-used proactive routing protocol which diffuses topological information periodically. Thus, every node has a global vision of the entire network. The protocol assumes, like the other protocols, that the nodes cooperate in a trusted environment. So, all control messages are transmitted (HELLO messages) to all 1-hop neighbor nodes or broadcasted (TC and MID messages) to the entire network in clear. However, a node, which listens to OLSR control messages, can exploit this property to lead an attack. In this paper, we investigate on MultiPoint Relay (MPR) attack considered like one of the efficient OLSR attacks by using a simulation in progressive size gridMANET.

Although there has been notable progress in modeling cascading failures in power grids, few works included using machine learning algorithms. In this paper, cascading failures that lead to massive blackouts in power grids are predicted and classified into no, small, and large cascades using machine learning algorithms. Cascading-failure data is generated using a cascading failure simulator framework developed earlier. The data set includes the power grid operating parameters such as loading level, level of load shedding, the capacity of the failed lines, and the topological parameters such as edge betweenness centrality and the average shortest distance for numerous combinations of two transmission line failures as features. Then several machine learning algorithms are used to classify cascading failures. Further, linear regression is used to predict the number of failed transmission lines and the amount of load shedding during a cascade based on initial feature values. This data-driven technique can be used to generate cascading failure data set for any real-world power grids and hence, power-grid engineers can use this approach for cascade data generation and hence predicting vulnerabilities and enhancing robustness of the grid.

Mobile ad hoc network (MANET) does not have fixed infrastructure centralized server which manage the connections between the nodes. Rather, the nodes in MANET move randomly. Thus, it is risky to exchange data between nodes because there is a high possibility of having malicious node in the path. In this paper, we will describe a new authentication technique using message digest 5 (MD5), hashing for dynamic MANET on demand protocol (DYMO) based on reinforcement learning. In addition, we will describe an encryption technique that can be used without the need for a third party to distribute a secret key. After implementing the suggested model, results showed a remarkable enhancement in securing the path by increasing the packet delivery ratio and average throughput. On the other hand, there was an increase in end to end delay due to time spent in cryptographic operations.

Today, a significant threat to organisational information systems is ransomware that can completely occlude the information system by denying access to its data. To reduce this exposure and damage from ransomware attacks, organisations are obliged to concentrate explicitly on the threat of ransomware, alongside their malware prevention strategy. In attempting to prevent the escalation of ransomware attacks, it is important to account for their polymorphic behaviour and dispersion of inexhaustible versions. However, a number of ransomware samples possess similarity as they are created by similar groups of threat actors. A particular threat actor or group often adopts similar practices or codebase to create unlimited versions of their ransomware. As a result of these common traits and codebase, it is probable that new or unknown ransomware variants can be detected based on a comparison with their originating or existing samples. Therefore, this paper presents a detection method for ransomware by employing a similarity preserving hashing method called fuzzy hashing. This detection method is applied on the collected WannaCry or WannaCryptor ransomware corpus utilising three fuzzy hashing methods SSDEEP, SDHASH and mvHASH-B to evaluate the similarity detection success rate by each method. Moreover, their fuzzy similarity scores are utilised to cluster the collected ransomware corpus and its results are compared to determine the relative accuracy of the selected fuzzy hashing methods.

Key management is critical for the successful operation of a cryptographic system in wireless networks. Systems based on asymmetric keys require a dedicated infrastructure for key management and authentication which may not be practical for ad-hoc Underwater Acoustic Networks (UANs). In symmetric-key systems, key distribution is not easy to handle when new nodes join the network. In addition, when a key is compromised all nodes that use the same key are not secure anymore. Hence, it is desirable to have a dynamic way to generate new keys without relying on past keys. Physical Layer Security (PLS) uses correlated channel measurements between two underwater nodes to generate a cryptographic key without exchanging the key itself. In this study, we set up a network of two legitimate nodes and one eavesdropper operating in a shallow area off the coast of Portugal. We propose novel features based on the Channel Impulse Response (CIR) of the established acoustic link that could be used as an initial seed for a crypto-key generation algorithm. Our results show that the two nodes can independently generate 306 quantization bits after exchanging 187 probe signals. Furthermore, the eavesdropper fails to generate the same bits from her/his data even if she/he performs exactly the same signal processing steps of the legitimate nodes.

Formally verifying functional and security properties of a large-scale production operating system is highly desirable. However, it is challenging as such OSes are often written in multiple source languages that have no formal semantics - a prerequisite for formal reasoning. To avoid expensive formalization of the semantics of multiple high-level source languages, we present a lightweight and rigorous verification toolchain that verifies OS code at the binary level, targeting ARM machines. To reason about ARM instructions, we first translate the ARM Specification Language that describes the semantics of the ARMv8 ISA into the PVS7 theorem prover and verify the translation. We leverage the radare2 reverse engineering tool to decode ARM binaries into PVS7 and verify the translation. Our translation verification methodology is a lightweight formal validation technique that generates large-scale instruction emulation test lemmas whose proof obligations are automatically discharged. To demonstrate our verification methodology, we apply the technique on two OSes: Google's Zircon and a subset of Linux. We extract a set of 370 functions from these OSes, translate them into PVS7, and verify the correctness of the translation by automatically discharging hundreds of thousands of proof obligations and tests. This took 27.5 person-months to develop.

In recent years, various cloud-based services have been introduced in our daily lives, and information security is now an important topic for protecting the users. In the literature, many technologies have been proposed and incorporated into different services. Data hiding or steganography is a data protection technology, and images are often used as the cover data. On the other hand, steganalysis is an important tool to test the security strength of a steganography technique. So far, steganalysis has been used mainly for detecting the existence of secret data given an image, i.e., to classify if the given image is a normal or a stego image. In this paper, we investigate the possibility of identifying the locations of the embedded data if the a given image is suspected to be a stego image. The purpose is of two folds. First, we would like to confirm the decision made by the first level steganalysis; and the second is to provide a way to guess the size of the embedded data. Our experimental results show that in most cases the embedding positions can be detected. This result can be useful for developing more secure steganography technologies.

A robust and reliable system of detecting spam reviews is a crying need in todays world in order to purchase products without being cheated from online sites. In many online sites, there are options for posting reviews, and thus creating scopes for fake paid reviews or untruthful reviews. These concocted reviews can mislead the general public and put them in a perplexity whether to believe the review or not. Prominent machine learning techniques have been introduced to solve the problem of spam review detection. The majority of current research has concentrated on supervised learning methods, which require labeled data - an inadequacy when it comes to online review. Our focus in this article is to detect any deceptive text reviews. In order to achieve that we have worked with both labeled and unlabeled data and proposed deep learning methods for spam review detection which includes Multi-Layer Perceptron (MLP), Convolutional Neural Network (CNN) and a variant of Recurrent Neural Network (RNN) that is Long Short-Term Memory (LSTM). We have also applied some traditional machine learning classifiers such as Nave Bayes (NB), K Nearest Neighbor (KNN) and Support Vector Machine (SVM) to detect spam reviews and finally, we have shown the performance comparison for both traditional and deep learning classifiers.

A spin-Hall nano-oscillator (SHNO) is a type of spintronic oscillator that shows promising performance as a nanoscale microwave source and for neuromorphic computing applications. Within such nanodevices, a non-ferromagnetic layer in the presence of an external magnetic field and a DC bias current generates an oscillating microwave voltage. For developing optimal nano-oscillators, accurate simulations of the device's complex behaviour are required before fabrication. This work simulates the key behaviour of a nanoconstriction SHNO as the applied DC bias current is varied. The current density and Oersted field of the device have been presented, the magnetisation oscillations have been clearly visualised in three dimensions and the spatial distribution of the active mode determined. These simulations allow designers a greater understanding and characterisation of the device's behaviour while also providing a means of comparison when experimental resultsO are generated.

Under the information environment the development of Continuous internal audit business model is inevitable and it will generally become the mainstream model. Based on the understanding of internal audit development in enterprises, it's found that most of current internal audit systems stay at post audit as an auxiliary tool of internal auditors in the auditing process, which hastens the application of continuous internal audit. Emerging computer technology is combined in this paper to build an universal continuous internal audit model, which is divided into four phases, based on internal audit system. Finally, based on the tracking error of index fund, this paper makes an applied research on the framework of the established continuous internal audit system.

Threat intelligence sharing is posited as an important aid to help counter cybersecurity attacks and a number of threat intelligence sharing communities exist. There is a general consensus that many challenges remain to be overcome to achieve fully effective sharing, including concerns about privacy, negative publicity, policy/legal issues and expense of sharing, amongst others. One recent trend undertaken to address this is the use of decentralized blockchain based sharing architectures. However while these platforms can help increase sharing effectiveness they do not fully address all of the above challenges. In particular, issues around trust are not satisfactorily solved by current approaches. In this paper, we describe a novel trust enhancement framework -TITAN- for decentralized sharing based on the use of P2P reputation systems to address open trust issues. Our design uses blockchain and Trusted Execution Environment technologies to ensure security, integrity and privacy in the operation of the threat intelligence sharing reputation system.

Malicious software, known as malware, has become urgently serious threat for computer security, so automatic mal-ware classification techniques have received increasing attention. In recent years, deep learning (DL) techniques for computer vision have been successfully applied for malware classification by visualizing malware files and then using DL to classify visualized images. Although DL-based classification systems have been proven to be much more accurate than conventional ones, these systems have been shown to be vulnerable to adversarial attacks. However, there has been little research to consider the danger of adversarial attacks to visualized image-based malware classification systems. This paper proposes an adversarial attack method based on the gradient to attack image-based malware classification systems by introducing perturbations on resource section of PE files. The experimental results on the Malimg dataset show that by a small interference, the proposed method can achieve success attack rate when challenging convolutional neural network malware classifiers.

k-anonymity is a popular model in privacy preserving data publishing. It provides privacy guarantee when a microdata table is released. In microdata, sensitive attributes contain high-sensitive and low sensitive values. Unfortunately, study in anonymity for distributing sensitive value is still rare. This study aims to distribute evenly high-sensitive value to quasi identifier group. We proposed an approach called Simple Distribution of Sensitive Value. We compared our method with systematic clustering which is considered as very effective method to group quasi identifier. Information entropy is used to measure the diversity in each quasi identifier group and in a microdata table. Experiment result show our method outperformed systematic clustering when high-sensitive value is distributed.

In the network security risk assessment on critical information infrastructure of smart city, to describe attack vectors for predicting possible initial access is a challenging task. In this paper, an attack vector evaluation model based on weakness, path and action is proposed, and the formal representation and quantitative evaluation method are given. This method can support the assessment of attack vectors based on known and unknown weakness through combination of depend conditions. In addition, defense factors are also introduced, an attack vector evaluation model of integrated defense is proposed, and an application example of the model is given. The research work in this paper can provide a reference for the vulnerability assessment of attack vector.

Coherent rendering in augmented reality deals with synthesizing virtual content that seamlessly blends in with the real content. Unfortunately, capturing or modeling every real aspect in the virtual rendering process is often unfeasible or too expensive. We present a post-processing method that improves the look of rendered overlays in a dental virtual try-on application. We combine the original frame and the default rendered frame in an autoencoder neural network in order to obtain a more natural output, inspired by artistic style transfer research. Specifically, we apply the original frame as style on the rendered frame as content, repeating the process with each new pair of frames. Our method requires only a single forward pass, our shallow architecture ensures fast execution, and our internal feedback loop inherently enforces temporal consistency.

A main goal of the paper is to discuss the world telecommunications strategy in transition to the IP world. The paper discuss the shifting from circuit switching to packet switching in telecommunications and show the main obstacle is excessive software. As a case, we are passing through the three generations of American military communications: (1) implementation of signaling protocol SS7 and Advanced Intelligent Network, (2) transformation from SS7 to IP protocol and, finally, (3) the extremely ambitious cybersecurity issues. We use the newer unclassified open Defense Information Systems Agency documents, particularly: Department of Defense Information Enterprise Architecture; Unified Capabilities the Army. We discuss the newer US Government Accountability Office (2018) report on military equipment cyber vulnerabilities.

This study proposed a biometric-based digital signature scheme proposed for facial recognition. The scheme is designed and built to verify the person’s identity during a registration process and retrieve their public and private keys stored in the database. The RSA algorithm has been used as asymmetric encryption method to encrypt hashes generated for digital documents. It uses the hash function (SHA-256) to generate digital signatures. In this study, local binary patterns histograms (LBPH) were used for facial recognition. The facial recognition method was evaluated on ORL faces retrieved from the database of Cambridge University. From the analysis, the LBPH algorithm achieved 97.5% accuracy; the real-time testing was done on thirty subjects and it achieved 94% recognition accuracy. A crypto-tool software was used to perform the randomness test on the proposed RSA and SHA256.

Model explanations based on pure observational data cannot compute the effects of features reliably, due to their inability to estimate how each factor alteration could affect the rest. We argue that explanations should be based on the causal model of the data and the derived intervened causal models, that represent the data distribution subject to interventions. With these models, we can compute counterfactuals, new samples that will inform us how the model reacts to feature changes on our input. We propose a novel explanation methodology based on Causal Counterfactuals and identify the limitations of current Image Generative Models in their application to counterfactual creation.

We analyze expert review and student performance data to evaluate the validity of the Cybersecurity Concept Inventory (CCI) for assessing student knowledge of core cybersecurity concepts after a first course on the topic. A panel of 12 experts in cybersecurity reviewed the CCI, and 142 students from six different institutions took the CCI as a pilot test. The panel reviewed each item of the CCI and the overwhelming majority rated every item as measuring appropriate cybersecurity knowledge. We administered the CCI to students taking a first cybersecurity course either online or proctored by the course instructor. We applied classical test theory to evaluate the quality of the CCI. This evaluation showed that the CCI is sufficiently reliable for measuring student knowledge of cybersecurity and that the CCI may be too difficult as a whole. We describe the results of the expert review and the pilot test and provide recommendations for the continued improvement of the CCI.

The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.

Security and privacy of smart grid communication data is crucial given the nature of the continuous bidirectional information exchange between the consumer and the utilities. Data security has conventionally been ensured using cryptographic techniques implemented at the upper layers of the network stack. However, it has been shown that security can be further enhanced using physical layer (PHY) methods. To aid and/or complement such PHY and upper layer techniques, in this paper, we propose a PHY design that can detect and locate not only an active intruder but also a passive eavesdropper in the network. Our method can either be used as a stand-alone solution or together with existing techniques to achieve improved smart grid data security. Our machine learning based solution intelligently and automatically detects and locates a possible intruder in the network by reusing power line transmission modems installed in the grid for communication purposes. Simulation results show that our cost-efficient design provides near ideal intruder detection rates and also estimates its location with a high degree of accuracy.

The digital low dropout regulators are widely used because it can operate at low supply voltage. In the digital low drop-out regulators, the high sampling frequency circuit has a short setup time, but it will produce overshoot, and then the output can be stabilized; although the low sampling frequency circuit output can be directly stabilized, the setup time is too long. This paper proposes a two sampling frequency circuit model, which aims to include the high and low sampling frequencies in the same circuit. By controlling the sampling frequency of the circuit under different conditions, this allows the circuit to combine the advantages of the circuit operating at different sampling frequencies. This shortens the circuit setup time and the stabilization time at the same time.