Biblio

The latest generation of IoT systems incorporate machine learning (ML) technologies on edge devices. This introduces new engineering challenges to bring ML onto resource-constrained hardware, and complications for ensuring system security and privacy. Existing research prescribes iterative processes for machine learning enabled IoT products to ease development and increase product success. However, these processes mostly focus on existing practices used in other generic software development areas and are not specialized for the purpose of machine learning or IoT devices. This research seeks to characterize engineering processes and security practices for ML-enabled IoT systems through the lens of the engineering lifecycle. We collected data from practitioners through a survey (N=25) and interviews (N=4). We found that security processes and engineering methods vary by company. Respondents emphasized the engineering cost of security analysis and threat modeling, and trade-offs with business needs. Engineers reduce their security investment if it is not an explicit requirement. The threats of IP theft and reverse engineering were a consistent concern among practitioners when deploying ML for IoT devices. Based on our findings, we recommend further research into understanding engineering cost, compliance, and security trade-offs.

The Internet of Vehicles (IoVs) performs the rapid expansion of connected devices. This massive number of devices is constantly generating a massive and near-real-time data stream for numerous applications, which is known as big data. Analyzing such big data to find, predict, and control decisions is a critical solution for IoVs to enhance service quality and experience. Thus, the main goal of this paper is to study the impact of big data analytics on traffic prediction in IoVs. In which we have used big data analytics steps to predict the traffic flow, and based on different deep neural models such as LSTM, CNN-LSTM, and GRU. The models are validated using evaluation metrics, MAE, MSE, RMSE, and R2. Hence, a case study based on a real-world road is used to implement and test the efficiency of the traffic prediction models.

Nowadays, safety systems are an important feature for modern vehicles. Many accidents would have been occurred without them. In comparison with older vehicles, modern vehicles have a much better crumple zone, more airbags, a better braking system, as well as a much better and safer driving behaviour. Although, the vehicles safety systems are working well in these days, there is still space for improvement and for adding new security features. This paper describes the implementation of an Intelligent Caravan Monitoring System (ICMS) using the Controller Area Network (CAN), for the communication between the vehicle’s electronic system and the trailer’s electronic system. Furthermore, a comparison between the communication technology of this paper and a previous published paper will be made. The new system is faster, more flexible and more energy efficient.

Security in the communication systems rely mainly on a trusted Public Key Infrastructure (PKI) and Certificate Authorities (CAs). Besides the lack of automation, the complexity and the cost of assigning a signed certificate to a device, several allegations against CAs have been discovered, which has created trust issues in adopting this standard model for secure systems. The automation of the servers certificate assignment was achieved by the Automated Certificate Management Environment (ACME) method, but without confirming the trust of assigned certificate. This paper presents a complete tested and implemented solution to solve the trust of the Certificates provided to the servers by using the blockchain platform for certificate validation. The Blockchain network provides an immutable data store, holding the public keys of all domain names, while resolving the trust concerns by applying an automated Blockchain-based Domain Control Validation (B-DCV) for the server and client server verification. The evaluation was performed on the Ethereum Rinkeby testnet adopting the Proof of Authority (PoA) consensus algorithm which is an improved version of Proof of Stake (Po \$S\$) applied on Ethereum 2.0 providing superior performance compared to Ethereum 1.0.

Chaos is an interesting phenomenon for nonlinear systems that emerges due to its complex and unpredictable behavior. With the escalated use of low-powered edge-compute devices, data security at the edge develops the need for security in communication. The characteristic that Chaos synchronizes over time for two different chaotic systems with their own unique initial conditions, is the base for chaos implementation in communication. This paper proposes an encryption architecture suitable for communication of on-chip sensors to provide a POC (proof of concept) with security encrypted on the same chip using different chaotic equations. In communication, encryption is achieved with the help of microcontrollers or software implementations that use more power and have complex hardware implementation. The small IoT devices are expected to be operated on low power and constrained with size. At the same time, these devices are highly vulnerable to security threats, which elevates the need to have low power/size hardware-based security. Since the discovery of chaotic equations, they have been used in various encryption applications. The goal of this research is to take the chaotic implementation to the CMOS level with the sensors on the same chip. The hardware co-simulation is demonstrated on an FPGA board for Chua encryption/decryption architecture. The hardware utilization for Lorenz, SprottD, and Chua on FPGA is achieved with Xilinx System Generation (XSG) toolbox which reveals that Lorenz’s utilization is 9% lesser than Chua’s.

Cloud computing plays major role in the development of accessing clouduser’s document and sensitive information stored. It has variety of content and representation. Cyber security and attacks in the cloud is a challenging aspect. Information security attains a vital part in Cyber Security management. It involves actions intended to reduce the adverse impacts of such incidents. To access the documents stored in cloud safely and securely, access control will be introduced based on cloud users to access the user’s document in the cloud. To achieve this, it is highly required to combine security components (e.g., Access Control, Usage Control) in the security document to get automatic information. This research work has proposed a Role Key Homomorphic Encryption Algorithm (RKHEA) to monitor the cloud users, who access the services continuously. This method provides access creation of session-based key to store the singularized encryption to reduce the key size from random methods to occupy memory space. It has some terms and conditions to be followed by the cloud users and also has encryption method to secure the document content. Hence the documents are encrypted with the RKHEA algorithm based on Service Key Access (SKA). Then, the encrypted key will be created based on access control conditions. The proposed analytics result shows an enhanced control over the documents in cloud and improved security performance.

Security troubles of restricted sources communications are vital. Existing safety answers aren't sufficient for restricted sources gadgets in phrases of Power Area and Ef-ficiency‘. Elliptic curves cryptosystem (ECC) is area efficent for restricted sources gadgets extra than different uneven cryp-to systems because it gives a better safety degree with equal key sizes compared to different present techniques. In this paper, we studied a lightweight hybrid encryption technique that makes use of set of rules primarily based totally on AES for the Plain text encription and Elliptic Curve Diffie-Hellman (ECDH) protocol for Key encryption. The simplicity of AES implementation makes it light weight and the complexity of ECDH make it secure. The design is simulated using Spyder Tool, Modelsim and Implemented using Xilinx Vivado the effects display that the proposed lightweight Model offers a customary security degree with decreased computing capacity. we proposed a key authentication system for enhanced security along with an Idea to implement the project with multimedia input on FPGA

In this paper we present techniques for enhancing the security of south bound infrastructure in SDN which includes OpenFlow switches and end hosts. In particular, the proposed security techniques have three main goals: (i) validation and secure configuration of flow rules in the OpenFlow switches by trusted SDN controller in the domain; (ii) securing the flows from the end hosts; and (iii) detecting attacks on the switches by malicious entities in the SDN domain. We have implemented the proposed security techniques as an application for ONOS SDN controller. We have also validated our application by detecting various OpenFlow switch specific attacks such as malicious flow rule insertions and modifications in the switches over a mininet emulated network.

Large volumes of private data are gathered, processed, and stored on computers by governments, the military, organizations, financial institutions, colleges, and other enterprises. This data is then sent through networks to other computers. Urgent measures are required to safeguard sensitive personal and company data as well as national security due to the exponential development in number and complexity of cyber- attacks. The essay discusses the characteristics of the Internet and demonstrates how private and financial data can be transmitted over it while still being safeguarded. We show that robbery has spread throughout India and the rest of the world, endangering the global economy and security and giving rise to a variety of cyber-attacks.

The present industrial scenario requires frequent transfer of data between remote servers and on premise devices and hence the risk of attacks on these data cannot be overlooked. Such security risk is even aggravated in case of sensitive information being compromised due to inefficient security implementations. Various forms of security implementations are being discussed and experimented for the same. With the introduction of devices with better processing capabilities, Public Key Infrastructure is a very popular technique being widely implemented, wherein symmetric and asymmetric key based encryptions are used inorder to secure the data being transferred and it has proven to be an effective technique. The PKI however suffers certain drawbacks and it is evident from the attacks. A system specifically designed for scenarios such as a factory having a centralised device management system requiring multiple devices to communicate and upload data safely to server is being put forward in this paper.

Pairings on elliptic curves are used for innovative protocols such as ID-based encryption and zk-SNARKs. To make the pairings secure, it is important to consider the STNFS which is the special number field sieve algorithm for discrete logarithms in the finite field. The Fotiadis-Konstantinou curve with embedding degree 12(FK12), is known as one of the STNFS secure curves. To an efficient pairing on the FK12 curve, there are several previous works that focus on final exponentiation. The one is based on lattice-based method to decompose the hard part of final exponentiation and addition chain. However, there is a possibility to construct a more efficient calculation algorithm by using the relations appeared in the decomposition calculation algorithm than that of the previous work. In this manuscript, the authors propose a relation of the decomposition and verify the effectiveness of the proposed method from the execution time.

Recently, Ning et al. proposed the “CryptCloud$^\textrm+\$$: Secure and Expressive Data Access Control for Cloud Storage” in IEEE Transaction on Services Computing. This work provided two versatile ciphertext-policy attribute-based encryption (CP-ABE) schemes to achieve flexible access control on encrypted data, namely ATER-CP-ABE and ATIR-CP-ABE, both of which have attractive advantages, such as white-box malicious user traceability, semi-honest authority accountability, public auditing and user revocation. However, we find a bug of access control in both schemes, i.e., a non-revoked user with attribute set \$S\$ can decrypt the ciphertext \$ct\$ encrypted under any access policy \$(A,\textbackslashrho )\$, regardless of whether \$S\$ satisfies \$(A,\textbackslashrho )\$ or not. This paper carefully analyzes the bug, and makes an improvement on Ning's pioneering work, so as to fix it.

Existing anomaly detection models show success in detecting abnormal images with generative adversarial networks on the insufficient annotation of anomalous samples. However, existing models cannot accurately identify the anomaly samples which are close to the normal samples. We assume that the main reason is that these methods ignore the diversity of patterns in normal samples. To alleviate the above issue, this paper proposes a novel anomaly detection framework based on generative adversarial network, called ADe-GAN. More concretely, we construct a self-supervised learning task to fully explore the pattern information and latent representations of input images. In model inferring stage, we design a new abnormality score approach by jointly considering the pattern information and reconstruction errors to improve the performance of anomaly detection. Extensive experiments show that the ADe-GAN outperforms the state-of-the-art methods over several real-world datasets.

Robustness verification of neural networks (NNs) is a challenging and significant problem, which draws great attention in recent years. Existing researches have shown that bound propagation is a scalable and effective method for robustness verification, and it can be implemented on GPUs and TPUs to get parallelized. However, the bound propagation methods naturally produce weak bound due to linear relaxations on the neurons, which may cause failure in verification. Although tightening techniques for simple ReLU networks have been explored, they are not applicable for NNs with general activation functions such as Sigmoid and Tanh. Improving robustness verification on these NNs is still challenging. In this paper, we propose a Branch-and-Bound (BaB) style method to address this problem. The proposed BaB procedure improves the weak bound by splitting the input domain of neurons into sub-domains and solving the corresponding sub-problems. We propose a generic heuristic function to determine the priority of neuron splitting by scoring the relaxation and impact of neurons. Moreover, we combine bound optimization with the BaB procedure to improve the weak bound. Experimental results demonstrate that the proposed method gains up to 35% improvement compared to the state-of-art CROWN method on Sigmoid and Tanh networks.

DDoS attacks are usually accompanied by IP spoofing, but the availability of existing DDoS defense systems for high-speed networks decreases when facing DDoS attacks with IP spoofing. Although IP traceback technologies are proposed to focus on IP spoofing in DDoS attacks, there are problems in practical application such as the need to change existing protocols and extensive infrastructure support. To defend against DDoS attacks under IP spoofing in high-speed networks, we propose a novel DDoS defense system, IM-Shield. IM-Shield uses the address pair consisting of the upper router interface MAC address and the destination IP address for DDoS attack detection. IM-Shield implements fine-grained defense against DDoS attacks under IP spoofing by filtering the address pairs of attack traffic without requiring protocol and infrastructure extensions to be applied on the Internet. Detection experiments using the public dataset show that in a 10Gbps high-speed network, the detection precision of IM-Shield for DDoS attacks under IP spoofing is higher than 99.9%; and defense experiments simulating real-time processing in a 10Gbps high-speed network show that IM-Shield can effectively defend against DDoS attacks under IP spoofing.

Exploring the efficient vulnerability scanning and detection technology of various tools is one fundamental aim of network security. This network security technique ameliorates the tremendous number of IoT security challenges and the threats they face daily. However, among various tools, Shodan Eye scanning technology has proven to be very helpful for network administrators and security personnel to scan, detect and analyze vulnerable ports and traffic in organizations' networks. This work presents a simulated network scanning activity and manual vulnerability analysis of an internet-connected industrial equipment of two chosen industrial networks (Industry A and B) by running Shodan on a virtually hosted (Oracle Virtual Box)-Linux-based operating system (Kali Linux). The result shows that the shodan eye is a a promising tool for network security and efficient vulnerability research.

Recently, in solving problems of sound radiation by systems of piezoceramic radiators, new approaches have emerged, which make it possible to significantly approximate the design parameters of systems to the actually measured ones. These approaches are associated with taking into account the specific features of these systems performing two functions - the function of converting electrical energy into acoustic energy and the function of forming the latter in the surrounding space. The peculiarity of the first function is the interconnection of the electric, mechanical and acoustic fields during energy conversion. The peculiarity of the second function is the interaction of the radiators in the system during the formation of its acoustic field. The aim of the work is to study the effect of acoustic interaction of cylindrical piezoceramic radiators in the composition of flat systems on their physical fields. Using the method of coupled fields in multiply connected domains, using the addition theorems for cylindrical wave functions, we obtain analytical relations that allow one to calculate the numerical results for the parameters of three interconnected physical fields that ensure the emission of sound by plane systems. Their analysis showed that with the radial symmetry of electrical excitation of cylindrical radiators, the conversion of electrical energy into mechanical energy is carried out on one - zero mode of oscillation. The placement of the radiators in the composition of the flat systems leads to the appearance of the effect of acoustic interaction between them in an external field, due to the multiple exchange of radiated and scattered waves. This effect destroys the radial symmetry of the acoustic loading of a single radiator. The violation of symmetry in the conversion of mechanical energy into acoustic energy leads to the appearance of oscillations that follow the zero mode. As a result, there is an effective redistribution of energy “pumped” into the radiators in the zero mode, between subsequent oscillations of the radiators. In turn, the emergence of new modes changes the acoustic field of a flat system. The results show the need to take into account the above features of the physical fields of the radiators in the composition of flat systems when choosing methods and developing methods for measuring field characteristics.

A critical property of distributed data processing systems is the high level of reliability of such systems. A practical solution to this problem is to place copies of archives of magnetic media in the nodes of the system. These archives are used to restore data destroyed during the processing of requests to this data. The paper shows the impact of the use of archives on the reliability indicators of distributed systems.

Graph-based Semi-Supervised Learning (GSSL) is a practical solution to learn from a limited amount of labelled data together with a vast amount of unlabelled data. However, due to their reliance on the known labels to infer the unknown labels, these algorithms are sensitive to data quality. It is therefore essential to study the potential threats related to the labelled data, more specifically, label poisoning. In this paper, we propose a novel data poisoning method which efficiently approximates the result of label inference to identify the inputs which, if poisoned, would produce the highest number of incorrectly inferred labels. We extensively evaluate our approach on three classification problems under 24 different experimental settings each. Compared to the state of the art, our influence-driven attack produces an average increase of error rate 50% higher, while being faster by multiple orders of magnitude. Moreover, our method can inform engineers of inputs that deserve investigation (relabelling them) before training the learning model. We show that relabelling one-third of the poisoned inputs (selected based on their influence) reduces the poisoning effect by 50%. ACM Reference Format: Adriano Franci, Maxime Cordy, Martin Gubri, Mike Papadakis, and Yves Le Traon. 2022. Influence-Driven Data Poisoning in Graph-Based Semi-Supervised Classifiers. In 1st Conference on AI Engineering - Software Engineering for AI (CAIN’22), May 16–24, 2022, Pittsburgh, PA, USA. ACM, New York, NY, USA, 11 pages. https://doi.org/10.1145/3522664.3528606

Chaotic cryptography is structurally related to the concepts of confusion and diffusion in traditional cryptography theory. Chaotic cryptography is formed by the inevitable connection between chaos theory and pure cryptography. In order to solve the shortcomings of the existing research on information encryption security system, this paper discusses the realization technology of information security, the design principles of encryption system and three kinds of chaotic mapping systems, and discusses the selection of development tools and programmable devices. And the information encryption security system based on chaos algorithm is designed and discussed, and the randomness test of three groups of encrypted files is carried out by the proposed algorithm and the AES (Advanced Encryption Standard) algorithm. Experimental data show that the uniformity of P-value value of chaos algorithm is 0.714 on average. Therefore, it is verified that the information encryption security system using chaos algorithm has high security.

Archival services are one of the main functions of an information security management system for archival management, and the conversion and updating of archival intelligence services is an important means to meet the increasing diversity and wisdom of the age of intelligence. The purpose of this paper is to study an information security management system for archival management based on embedded artificial intelligence. The implementation of an embedded control management system for intelligent filing cabinets is studied. Based on a configurable embedded system security model, the access control process and the functional modules of the system based on a secure call cache are analysed. Software for wireless RF communication was designed, and two remote control options were designed using CAN technology and wireless RF technology. Tests have shown that the system is easy to use, feature-rich and reliable, and can meet the needs of different users for regular control of file room management.

From an information-theoretic standpoint, the intrusion detection process can be examined. Given the IDS output(alarm data), we should have less uncertainty regarding the input (event data). We propose the Capability of Intrusion Detection (CID) measure, which is simply the ratio of mutual information between IDS input and output, and the input of entropy. CID has the desirable properties of (1) naturally accounting for all important aspects of detection capability, such as true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate, (2) objectively providing an intrinsic measure of intrusion detection capability, and (3) being sensitive to IDS operation parameters. When finetuning an IDS, we believe that CID is the best performance metric to use. In terms of the IDS’ inherent ability to classify input data, the so obtained operation point is the best that it can achieve.

Web services are growing demand with fundamental advancements and have given more space to researchers for improving security of all real world applications. Accessing and get authenticated in many applications on web services, user discloses their password and other privacy data to the server for authentication purposes. These shared information should be maintained by the server with high security, otherwise it can be used for illegal purposes for any authentication breach. Protecting the applications from various attacks is more important. Comparing the security threats, insider attacks are most challenging to identify due to the fact that they use the authentication of legitimate users and their privileges to access the application and may cause serious threat to the application. Insider attacks has been studied in previous researchers with different security measures, however there is no much strong work proposed. Various security protocols were proposed for defending insider attackers. The proposed work focused on insider attack protection through Elgamal cryptography technique. The proposed work is much effective on insider attacks and also defends against various attacks. The proposed protocol is better than existing works. The key computation cost and communication cost is relatively low in this proposed work. The proposed work authenticates the application by parallel process of two way authentication mechanism through Elgamal algorithm.

This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.

Unmanned aerial vehicles (UAVs) and various network entities deployed on the ground can communicate with each other over the Internet of Drones (IoD), a network architecture designed expressly to allow communications between heterogenous entities. Drone technology has a wide range of uses, including on-demand package delivery, traffic and wild life surveillance, inspection of infrastructure and search, rescue and agriculture. However, IoD systems are vulnerable to numerous attacks, The main goal is to develop an all-encompassing security model that can be used to analyze security concerns in various UAV-based systems. With exceptional flexibility and increasing efficiency, trust management is a promising alternative to traditional detection methods. In a heterogeneous environment, it is also compatible with other security mechanisms. In this article, we present a fuzzy logic as an Insider Detection technique which calculate sensor data trust and assessing node behavior. To build confidence throughout the entire IoD, our proposal divides trust into two parts: Data trust and Node trust. This is in contrast to earlier models. Experimental results show that our solution is effective in terms of False positive ratio and Average of end-to-end delay.