Biblio

Sparse representation of signals based on redundant dictionary is widely used in array signal processing. In this paper, a redundant dictionary construction method via genetic algorithm (GA) is proposed for array signal processing. The problem is formulated as a dictionary selection problem where the dictionary entries are produced by discretizing the angle space. We apply the orthogonality of the entries to evaluate the dictionary according to the Restricted Isometry Property (RIP). GA is used to discretize the angle space which can make the dictionary more orthogonal. Simulation results show that the proposed method can obtain a better division of angle, improving the orthogonality of dictionary effectively, and is suitable for arbitrary observation space compared with commonly used equal angle division and equal sine division.

Facial emotion recognition is an essential aspect in human-machine interaction. In the real-world conditions, it faces many challenges, i.e., illumination changes, large pose variations and partial or full occlusions, which cause different facial areas with different sharpness and completeness. Inspired by this fact, we focus on facial expression recognition based on partial faces in this paper. We compare contribution of seven facial areas of low-resolution images, including nose areas, mouse areas, eyes areas, nose to mouse areas, nose to eyes areas, mouth to eyes areas and the whole face areas. Through analysis on the confusion matrix and the class activation map, we find that mouth regions contain much emotional information compared with nose areas and eyes areas. In the meantime, considering larger facial areas is helpful to judge the expression more precisely. To sum up, contributions of this paper are two-fold: (1) We reveal concerned areas of human in emotion recognition. (2) We quantify the contribution of different facial parts.

Resistance to malicious attacks and assessment of the trust value of nodes are important aspects of trusted mobile ad hoc networks (MANETs), and it is therefore necessary to establish an effective reputation management system. Previous studies have relied on the direct monitoring of nodes, recommendations from neighbors or a combination of these two methods to calculate a reputation value. However, these models can neither collect trust information effectively, nor cooperate to resist an attack, instead increasing the network load. To solve these problems, this paper proposes a novel reputation management framework that collects trust information and calculates the reputation value of nodes by selecting special nodes as management nodes. This framework can effectively identify malicious information and improve the credibility of a reputation value.

With the popularity of the Internet and mobile intelligent terminals, the number of mobile applications is exploding. Mobile intelligent terminals trend to be the mainstream way of people's work and daily life online in place of PC terminals. Mobile application system brings some security problems inevitably while it provides convenience for people, and becomes a main target of hackers. Therefore, it is imminent to strengthen the security detection of mobile applications. This paper divides mobile application security detection into client security detection and server security detection. We propose a combining static and dynamic security detection method to detect client-side. We provide a method to get network information of server by capturing and analyzing mobile application traffic, and propose a fuzzy testing method based on HTTP protocol to detect server-side security vulnerabilities. Finally, on the basis of this, an automated platform for security detection of mobile application system is developed. Experiments show that the platform can detect the vulnerabilities of mobile application client and server effectively, and realize the automation of mobile application security detection. It can also reduce the cost of mobile security detection and enhance the security of mobile applications.

The polar codes is a new kind of linear block code proposed based on the theory of channel polarization. It was proved to be a kind of channel coding method that can achieve the shannon capacity limits. It requires a lot of computation and storage when SC (Successive Cancellation) decoding algorithm is used to decode long polar codes, it is not conducive to high-speed communication. To solve this problem, we propose SC recursion decoding algorithm. Analysis indicates that the new algorithm is less complex than the SC decoding algorithm. Simulation results show that the BER performance of SC recursive decoding algorithm is similar to that of SC decoding algorithm, but its delay is only one tenth of SC decoding algorithm.

Cloud computing is an innovative mechanism to optimize computing and storage resource utilization. Due to its cost-saving, high-efficiency advantage, the technology receives wide adoption from IT industries. However, the frequent emergences of security events become the heaviest obstacle for its advancement. The multi-layer and distributive characteristics of cloud computing make IT admins compulsively collect all necessary situational information at cloud runtime if they want to grasp the panoramic secure state, hereby practice configuration management and emergency response methods when necessary. On the other hand, technologies such as elastic resource pooling, dynamic load balancing and virtual machine real-time migration complicate the difficulty of data gathering, where secure information may come from virtual machine hypervisor, network accounting or host monitor proxies. How to classify, arrange, standardize and visualize these data turns into the most crucial issue for cloud computing security situation awareness and presentation. This dissertation borrows traditional fashion of data visualization to integrate into cloud computing features, proposes a new method for aggregating and displaying secure information which IT admins concern, and expects that by method realization cloud security monitor/management capabilities could be notably enhanced.

In order to improve the security of wireless network, an anomaly intrusion detection algorithm based on adaptive time-frequency feature decomposition is proposed. This paper analyzes the types and detection principles of wireless network intrusion detection, it adopts the information statistical analysis method to detect the network intrusion, constructs the traffic statistical analysis model of the network abnormal intrusion, and establishes the network intrusion signal model by combining the signal fitting method. The correlation matching filter is used to filter the network intrusion signal to improve the output signal-to-noise ratio (SNR), the time-frequency analysis method is used to extract the characteristic quantity of the network abnormal intrusion, and the adaptive correlation spectrum analysis method is used to realize the intrusion detection. The simulation results show that this method has high accuracy and strong anti-interference ability, and it can effectively guarantee the network security.

Aiming to the current lack of VoIP voice encryption, a dynamic encryption method on grouping voice encryption and parallel encrypted is proposed in this paper. Though dynamic selection of encryption algorithms and dynamic distribution of key to increase the complexity of the encryption, at the same time reduce the time complexity of asymmetric encryption algorithm by using parallel encryption to ensure the real-time of the voice and improve call security.

Containers have transformed the cluster management into an application oriented endeavor, thus being widely used as the deployment units (i.e., micro-services) of large scale cloud services. As opposed to VMs, containers allow for resource provisioning with fine granularity and their resource usage directly reflects the micro-service behaviors. Container management systems like Kubernetes and Mesos provision resources to containers according to the capacity requested by the developers. Resource usages estimated by the developers are grossly inaccurate. They tend to be risk-averse and over provision resources, as under-provisioning would cause poor runtime performance or failures. Without actually running the workloads, resource provisioning is challenging. However, benchmarking production workloads at scale requires huge manual efforts. In this work, we leverage IBM Monitoring service to profile the resource usage of production IBM Watson services in rolling windows by focusing on both evaluating how developers request resources and characterizing the actual resource usage. Our resource profiling study reveals two important characteristics of the cognitive workloads. 1. Stationarity. According to Augmented Dickey-Fuller test with 95% confidence, more than 95% of the container instances have stationary CPU usage while more than 85% have stationary memory usage, indicating that resource usage statistics do not change over time. We find for the majority of containers that the stationarity can be detected at the early stage of container execution and can hold throughout their lifespans. In addition, containers with non-stationary CPU or memory usage are also observed to implement predictable usage trends and patterns (e.g., trend stationarity or seasonality). 2. Predictability by container image. By clustering the containers based on their images, container resource usages within the same cluster are observed to exhibit strong statistical similarity. This suggests that the history of resource usage for one instance can be used to predict usage for future instances that run the same container image. Based on profiling results of running containers in rolling windows, we propose a resource usage advisory system to refine the requested resource values of the running and arriving containers as illustrated in Fig. 1. Our system continuously retrieves the resource usage metrics of running containers from IBM monitoring service and predicts the resource usage profiles in a container resource usage prediction agent. Upon the arrival of a new pod1, the resource profile advisor, proposed as a module in the web-hooked admission controller in Kubernetes, checks whether the resource profile of each container in the pod has been predicted with confidence. If a container's profile has been predicted and cached in the container resource profile database, the default requested values of containers are refined by the predicted ones; otherwise, containers are forwarded to the scheduler without any change. Similarly, a resource profile auto-scaler is proposed to update the requested resource values of containers for running pods2 as soon as the database is updated. Our study shows that developers request at least 1 core-per-second (cps) CPU and 1 GB memory for ≥ 70% of the containers, while ≥ 80% of the containers actually use less than 1 cps and 1GB. Additionally, \textbackslashtextasciitilde 20% of the containers are significantly under provisioned. We use resource usage data in one day to generate container resource profiles and evaluate our approach based on the actual usage on the following day. Without our system, average CPU (memory) usage for \textbackslashtextgreater90% of containers lies outside of 50% - 100% (70% - 100%) of the requested values. Our evaluation shows that our system can advise request values appropriately so that average and 95th percentile CPU (memory) usage for \textbackslashtextgreater90% of the containers are within 50% - 100% (70% - 100%) of the requested values. Furthermore, average CPU (memory) utilization across all pods is raised from 10% (26%) to 54% (88%).

This paper presents a methodology for IP core protection of CE devices from both buyer's and seller's perspective. In the presented methodology, buyer fingerprint is embedded along seller watermark during architectural synthesis phase of IP core design. The buyer fingerprint is inserted during scheduling phase while seller watermark is implanted during register allocation phase of architectural synthesis process. The presented approach provides a robust mechanisms of IP core protection for both buyer and seller at zero area overhead, 1.1 % latency overhead and 0.95 % design cost overhead compared to a similar approach (that provides only protection to IP seller).

Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.

Applications in C/C++ are notoriously prone to memory corruptions. With significant research efforts devoted to this area of study, the security threats posed by previously popular vulnerabilities, such as stack and heap overflows, are not as serious as before. Instead, we have seen the meteoric rise of attacks exploiting use-after-free (UaF) vulnerabilities in recent years, which root in pointers pointing to freed memory (i.e., dangling pointers). Although various approaches have been proposed to harden software against UaF, none of them can achieve robustness and efficiency at the same time. In this paper, we present a novel defense called pSweeper to robustly protect against UaF exploits with low overhead, and pinpoint the root-causes of UaF vulnerabilities with one safe crash. The success of pSweeper lies in its two unique and innovative design ideas, concurrent pointer sweeping (CPW) and object origin tracking (OOT). CPW exploits the increasingly available multi-cores on modern PCs and outsources the heavyweight security checks and enforcement to dedicated threads that can run on spare cores. Specifically, CPW iteratively sweeps all live pointers in a concurrent thread to find dangling pointers. This design is quite different from previous work that requires to track every pointer propagation to maintain accurate point-to relationship between pointers and objects. OOT can help to pinpoint the root-causes of UaF by informing developers of how a dangling pointer is created, i.e., how the problematic object is allocated and freed. We implement a prototype of pSweeper and validate its efficacy in real scenarios. Our experimental results show that pSweeper is effective in defeating real-world UaF exploits and efficient when deployed in production runs.

Insider threats have shown their great destructive power in information security and financial stability and have received widespread attention from governments and organizations. Traditional intrusion detection systems fail to be effective in insider attacks due to the lack of extensive knowledge for insider behavior patterns. Instead, a more sophisticated method is required to have a deeper understanding for activities that insiders communicate with the information system. In this paper, we design a classifier, a neural network model utilizing Long Short Term Memory (LSTM) to model user log as a natural language sequence and achieve role-based classification. LSTM Model can learn behavior patterns of different users by automatically extracting feature and detect anomalies when log patterns deviate from the trained model. To illustrate the effective of classification model, we design two experiments based on cmu dataset. Experimental evaluations have shown that our model can successfully distinguish different behavior pattern and detect malicious behavior.

Database outsourcing introduces a new paradigm, called Database as a Service (DBaaS). Database Service Providers (DSPs) have the ability to host outsourced databases and provide efficient facilities for their users. However, the data and the execution of database queries are under the control of the DSP, which is not always a trusted authority. Therefore, our problem is to ensure the outsourced database security. To address this problem, we propose a Secure scheme to provide Confidentiality and Integrity of Query results for Cloud Databases (SCIQ-CD). The performance analysis shows that our proposed scheme is secure and efficient for practical deployment.

Internet of Things (IoT) is characterized by various of heterogeneous devices that facing numerous threats, which makes modeling security situation of IoT still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Game model for security situational awareness. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory (GT). Experiments on two typical attack scenarios in smart home environment demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of the security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even facilitating the choice of defense strategy. To the best of our knowledge, this is the first attempt to use Game Theory in the IoT-based SCPN to establish a security situational awareness model for a complex smart environment.

Currently 5G communication networks are gaining on importance among industry, academia, and governments worldwide as they are envisioned to offer wide range of high-quality services and unfaltering user experiences. However, certain security, privacy and trust challenges need to be addressed in order for the 5G networks to be widely welcomed and accepted. That is why in this paper, we take a step towards these requirements and we introduce a dedicated SDN-based integrated security framework for the Internet of Radio Light (IoRL) system that is following 5G architecture design. In particular, we present how TCP SYN-based scanning activities which typically comprise the first phase of the attack chain can be detected and mitigated using such an approach. Enclosed experimental results prove that the proposed security framework has potential to become an effective defensive solution.

Information Centric Networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better delivery service, an effective access control mechanism is needed due to wide dissemination of contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, straightforward utilization of advanced encryption algorithms increases the opportunities for DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose a secure, efficient, and accountable access control framework, called SEAF, for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication, and use hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers, and introduces only slight delay for users' content retrieval.

For location-aware applications in wireless sensor networks (WSNs), it is important to ensure that sensor nodes can get correct locations in a hostile WSNs. Sybil attacks, which are vital threats in WSNs, especially in the distributed WSNs. They can forge one or multiple identities to decrease the localization accuracy, or sometimes to collapse the whole localization systems. In this paper, a novel lightweight sybilfree (SF)-APIT algorithm is presented to solve the problem of sybil attacks in APIT localization scheme, which is a popular range-free method and performs at individual node in a purely distributed fashion. The proposed SF-APIT scheme requires minimal overhead for wireless devices and works well based on the received signal strength. Simulations demonstrate that SF-APIT is an effective scheme in detecting and defending against sybil attacks with a high detection rate in distributed wireless localization schemes.

Recently, the security of state estimation has been attracting significant research attention due to the need for trustworthy situation awareness in emerging (e.g., industrial) cyber-physical systems. In this paper, we investigate secure estimation based on Kalman filtering (SEKF) using partially homomorphically encrypted data. The encryption will enhance the confidentiality not only of data transmitted in the communication network, but also key system information required by the estimator. We use a multiplicative homomorphic encryption scheme, but with a modified decryption algorithm. SEKF is able to conceal comprehensive information (i.e., system parameters, measurements, and state estimates) aggregated at the sink node of the estimator, while retaining the effectiveness of normal Kalman filtering. Therefore, even if an attacker has gained unauthorized access to the estimator and associated communication channels, he will not be able to obtain sufficient knowledge of the system state to guide the attack, e.g., ensure its stealthiness. We present an implementation structure of the SEKF to reduce the communication overhead compared with traditional secure multiparty computation (SMC) methods. Finally, we demonstrate the effectiveness of the SEKF on an IEEE 9-bus power system.

Network-on-Chip (NOC) is the heart of data communication between processing cores in Multiprocessor-based Systems on Chip (MPSoC). Packets transferred via the NoC are exposed to snooping, which makes NoC-based systems vulnerable to security attacks. Additionally, Hardware Trojans (HTs) can be deployed in some of the NoC nodes to apply security threats of extracting sensitive information or degrading the system performance. In this paper, an overview of some security attacks in NoC-based systems and the countermeasure techniques giving prominence on malicious nodes are discussed. Work in progress for secure routing algorithms is also presented.

We consider the secure search problem of retrieving from an unsorted data cost=(x\_1,...,xm) an item (i,xi) matching a given lookup value l (for a generic matching criterion either hardcoded or given as part of the query), where both input and output are encrypted by a Fully Homomorphic Encryption (FHE). The secure search problem is central in applications of secure outsourcing to an untrusted party ("the cloud"). Prior secure search algorithms on FHE encrypted data are realized by polynomials of degree Ømega(m), evaluated in Ømega(log m) sequential homomorphic multiplication steps (ie., multiplicative depth) even using an unbounded number of parallel processors. This is too slow with current FHE implementations, especially as the size of the array grows. We present the first secure search algorithm that is realized by a polynomial of logarithmic degree, log3 m, evaluated in O(log log m) sequential homomorphic multiplication steps (ie., multiplicative depth) using m parallel processors. We implemented our algorithm in an open source library based on HElib and ran experiments on Amazon's EC2 cloud with up to 100 processors. Our experiments show that we can securely search in m= millions of entries in less than an hour on a standard EC2 64-cores machine. We achieve our result by: (1) Employing modern data summarization techniques known as sketching for returning as output (the encryption of) a short sketch C from which the matching item (i,xi) can be decoded in time polynomial in log m. (2) Designing for this purpose a novel sketch that returns the first strictly-positive entry in a (not necessarily sparse) array of non-negative integers; this sketch may be of independent interest. (3) Suggesting a multi-ring evaluation of FHE for degree reduction from linear to logarithmic.

We seek to answer the following question: To what extent can we deduplicate replicated storage? To answer this question, we design ReDup, a secure storage system that provides users with strong integrity, reliability, and transparency guarantees about data that is outsourced at cloud storage providers. Users store multiple replicas of their data at different storage servers, and the data at each storage server is deduplicated across users. Remote data integrity mechanisms are used to check the integrity of replicas. We consider a strong adversarial model, in which collusions are allowed between storage servers and also between storage servers and dishonest users of the system. A cloud storage provider (CSP) could store less replicas than agreed upon by contract, unbeknownst to honest users. ReDup defends against such adversaries by making replica generation to be time consuming so that a dishonest CSP cannot generate replicas on the fly when challenged by the users. In addition, ReDup employs transparent deduplication, which means that users get a proof attesting the deduplication level used for their files at each replica server, and thus are able to benefit from the storage savings provided by deduplication. The proof is obtained by aggregating individual proofs from replica servers, and has a constant size regardless of the number of replica servers. Our solution scales better than state of the art and is provably secure under standard assumptions.

In cloud computing customers upload data and computation to cloud providers. As they upload their data to the cloud provider, they typically give up data confidentiality. We develop SecureMR, a system that analyzes and transforms MapReduce programs to operate over encrypted data. SecureMR makes use of partially homomorphic encryption and a trusted client. We evaluate SecureMR on a set of complex computation-intensive MapReduce benchmarks.

Social media users generate tremendous amounts of data. To better serve users, it is required to share the user-related data among researchers, advertisers and application developers. Publishing such data would raise more concerns on user privacy. To encourage data sharing and mitigate user privacy concerns, a number of anonymization and de-anonymization algorithms have been developed to help protect privacy of social media users. In this work, we propose a new adversarial attack specialized for social media data.We further provide a principled way to assess effectiveness of anonymizing different aspects of social media data. Our work sheds light on new privacy risks in social media data due to innate heterogeneity of user-generated data which require striking balance between sharing user data and protecting user privacy.

To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding the advantages and disadvantages of each method is essential to develop robust defense strategies. In this paper we explain the techniques used by ransomware to derive encryption keys and analyze the security of each approach. We argue that recovery of data might be possible if the ransomware cannot access high entropy randomness sources. As an evidence to support our theoretical results, we provide a decryptor program for a previously undefeated ransomware.