Biblio

Host-based Intrusion Detection Systems HIDS are often based on anomaly detection. Several studies deal with anomaly detection by analyzing the system-call traces and get good detection rates but also a high rate off alse positives. In this paper, we propose a new anomaly detection approach applied on the system-call traces. The normal behavior learning is done using a Sequence to sequence model based on a Variational Encoder-Decoder (VED) architecture that integrates Recurrent Neural Networks (RNN) cells. We exploit the semantics behind the invoking order of system-calls that are then seen as sentences. A preprocessing phase is added to structure and optimize the model input-data representation. After the learning step, a one-class classification is run to categorize the sequences as normal or abnormal. The architecture may be used for predicting abnormal behaviors. The tests are achieved on the ADFA-LD dataset.

Almost all smart appliances are operated through wireless sensor networks. With the passage of time, due to various applications, the WSN becomes prone to various external attacks. Preventing such attacks, Intrusion Detection strategy (IDS) is very crucial to secure the network from the malicious attackers. The proposed IDS methodology discovers the pattern in large data corpus which works for different types of algorithms to detect four types of Denial of service (DoS) attacks, namely, Grayhole, Blackhole, Flooding, and TDMA. The state-of-the-art detection algorithms, such as KNN, Naïve Bayes, Logistic Regression, Support Vector Machine (SVM), and ANN are applied to the data corpus and analyze the performance in detecting the attacks. The analysis shows that these algorithms are applicable for the detection and prediction of unavoidable attacks and can be recommended for network experts and analysts.

Network behavior anomaly detection (NBAD) require fast mechanisms for learning from the large scale data. However, the training velocity of general machine learning approach is largely limited by the adopted training weights of all features in the NBAD. In this paper, we notice, however, that the related weights matching of NBAD features is sparse, which is not necessary for holding all weights. Hence, in this paper, we consider an efficient support vector machine (SVM) approach for NBAD by imposing 1 -norm. Essentially, we propose to use sparse SVM (S-SVM), where sparsity in model, i.e. in weights is used to interfere with special feature selection and that can achieve feature selection and classification efficiently.

With the continuous improvement of people's safety awareness, infrared products as human motion detection technology have been widely used in the field of security. In order to better apply infrared products to life, improving the performance of infrared products and reducing the cost of products has become the main goal. According to the signal collected by Pyroelectric infrared (PIR) sensor, this paper establishes a database model. According to the data collected, Kalman filter is used to preprocess the data. The validity of the data after preprocessing is judged by the algorithm. The experimental results show that the accuracy of the model can reach 97% by using a support vector machine (SVM) algorithm incorporated with Fast Fourier Transform (FFT). According to the above algorithm flow, a real-time intellectual property (IP) core is designed by using hardware description language, after establishing the data processing algorithm. The interface design, timing design and function design of the IP core are designed. The IP core can be connected to the microcontroller unit (MCU) as an independent peripheral to form a PIR special processor, which can detect the distance of 15 m in real time.

This paper proposes a method to synthesis acoustic wave (AW) filters with Chebyshev response automatically. Meanwhile, each AW resonator used to design the filter can be easily fabricated on the same piezoelectric substrate. The method is based on an optimization algorithm with constraints for constant electromechanical coupling coefficient ( kt2) to minimize the defined cost function. Finally, the experimental result for a surface acoustic wave (SAW) filter of global positioning system (GPS) frequency band based on the 42° lithium tantalate (LiTaO3) substrate validates the simulation results. The designed filter shows insertion loss (IL) and return loss (RL) better than 2.5dB and 18dB respectively in the pass-band, and out-band reflection larger than 30dB.

We are answering the question whenever systems with convolutional neural network classifier trained over plain and encrypted data keep the ordering according to accuracy. Our motivation is need for designing convolutional neural network classifiers when data in their plain form are not accessible because of private company policy or sensitive data gathered by police. We propose to use a combination of fully connected autoencoder together with a convolutional neural network classifier. The autoencoder transforms the data info form that allows the convolutional classifier to be trained. We present three experiments that show the ordering of systems over plain and encrypted data. The results show that the systems indeed keep the ordering, and thus a NN designer can select appropriate architecture over encrypted data and later let data owner train or fine-tune the system/CNN classifier on the plain data.

Online gaming is one of the most successful applications having a large number of players interacting in an online persistent virtual world through the Internet. However, some cheating players gain improper advantages over normal players by using illegal automated plugins which has brought huge harm to game health and player enjoyment. Game industries have been devoting much efforts on cheating detection with multiview data sources and achieved great accuracy improvements by applying artificial intelligence (AI) techniques. However, generating explanations for cheating detection from multiple views still remains a challenging task. To respond to the different purposes of explainability in AI models from different audience profiles, we propose the EMGCD, the first explainable multi-view game cheating detection framework driven by explainable AI (XAI). It combines cheating explainers to cheating classifiers from different views to generate individual, local and global explanations which contributes to the evidence generation, reason generation, model debugging and model compression. The EMGCD has been implemented and deployed in multiple game productions in NetEase Games, achieving remarkable and trustworthy performance. Our framework can also easily generalize to other types of related tasks in online games, such as explainable recommender systems, explainable churn prediction, etc.

Cross-Site Scripting (XSS) is an attack most often carried out by attackers to attack a website by inserting malicious scripts into a website. This attack will take the user to a webpage that has been specifically designed to retrieve user sessions and cookies. Nearly 68% of websites are vulnerable to XSS attacks. In this study, the authors conducted a study by evaluating several machine learning methods, namely Support Vector Machine (SVM), K-Nearest Neighbour (KNN), and Naïve Bayes (NB). The machine learning algorithm is then equipped with the n-gram method to each script feature to improve the detection performance of XSS attacks. The simulation results show that the SVM and n-gram method achieves the highest accuracy with 98%.

Current Internet of Things (IoT) infrastructures, with its massive data requirements, rely on cloud storage: however, usage of a single cloud storage can place limitations on the IoT applications in terms of service requirements (performance, availability, security etc.). Multi-cloud storage architecture has been emerged as a promising infrastructure to solve this problem, but this approach has limited impact due to the lack of differentiation between competing cloud solutions. Multiple decentralized storage solutions (e.g., based on blockchains) are entering the market with distinct characteristics in terms of architecture, performance, security and availability and at a lower price compared to cloud storage. In this work, we introduce BlockAM: an adaptive middleware for the intelligent selection of storage technology for IoT applications, which jointly considers the cloud, multi-cloud and decentralized storage technologies to store large-scale IoT data. We model the cost-minimization storage selection problem and propose two heuristic algorithms: Dynamic Programming (DP) based algorithm and Greedy Style (GS) algorithm, for optimizing the choice of data storage based on IoT application's service requirements. We also employ blockchain to store IoT data on-chain in order to provide data integrity, auditability and accountability to the middleware architecture. Comparisons among the heuristic algorithms are conducted through extensive experiments, which demonstrates that DP heuristic and GS heuristic achieve up to 92% and 80% accuracy respectively. Moreover, the price associated with a specific IoT application data storage decrease by up to 31.2% by employing our middleware solution.

The incidence of abnormal road traffic events, especially abnormal traffic congestion, is becoming more and more prominent in daily traffic management in China. It has become the main research work of urban traffic management to detect and identify traffic congestion incidents in time. Efficient and accurate detection of traffic congestion incidents can provide a good strategy for traffic management. At present, the detection and recognition of traffic congestion events mainly rely on the integration of road traffic flow data and the passing data collected by electronic police or devices of checkpoint, and then estimating and forecasting road conditions through the method of big data analysis; Such methods often have some disadvantages such as low time-effect, low precision and small prediction range. Therefore, with the help of the current large and medium cities in the public security, traffic police have built video surveillance equipment, through computer vision technology to analyze the traffic flow from video monitoring, in this paper, the motion state and the changing trend of vehicle flow are obtained by using the technology of vehicle detection from video and multi-target tracking based on deep learning, so as to realize the perception and recognition of traffic congestion. The method achieves the recognition accuracy of less than 60 seconds in real-time, more than 80% in detection rate of congestion event and more than 82.5% in accuracy of detection. At the same time, it breaks through the restriction of traditional big data prediction, such as traffic flow data, truck pass data and GPS floating car data, and enlarges the scene and scope of detection.

Technology is advancing rapidly and with this advancement, it has become apparent that it is nearly impossible to not leave a digital trace when committing a crime. As evidenced by multiple cases handled by law enforcement, Fitbit data has proved to be useful when determining the validity of alibis and in piecing together the timeline of a crime scene. In our paper, experiments testing the accuracy and reliability of GPS-tracked activities logged by the Fitbit Alta tracker and Ionic smartwatch are conducted. Potential indicators of manipulated or altered GPS-tracked activities are identified to help guide digital forensic investigators when handling such Fitbit data as evidence.

In cyber threat information sharing, secure transfer and protecting privacy are very important. In this paper we solve these issues by suggesting a platform based on private permissioned Blockchain, which provides us with access control as well. The platform is called Anon-ISAC and is built on the Enhanced Privacy ID (EPID) zero-knowledge proof scheme. It makes use of permissioned Blockchain as a way to keep identity anonymous. Organizations can share their information on incidents or other artifacts among trusted parties, while they keep their identity hidden. This will save them from unwanted consequences of exposure of sensitive security information.

Emerging device-to-device (D2D) communication in 5th generation (5G) mobile communication networks and internet of things (loTs) provides many benefits in improving network capabilities such as energy consumption, communication delay and spectrum efficiency. D2D group communication has the potential for improving group-based services including group games and group discussions. Providing security in D2D group communication is the main challenge to make their wide usage possible. Nevertheless, the issue of security and privacy of D2D group communication has been less addressed in recent research work. In this paper, we propose an authentication and key agreement tree group-based (AKATGB) protocol to realize a secure and anonymous D2D group communication. In our protocol, a group of D2D users are first organized in a tree structure, authenticating each other without disclosing their identities and without any privacy violation. Then, D2D users negotiate to set a common group key for establishing a secure communication among themselves. Security analysis and performance evaluation of the proposed protocol show that it is effective and secure.

Cloud computing is an Internet-based technology that emerging rapidly in the last few years due to popular and demanded services required by various institutions, organizations, and individuals. structured, unstructured, semistructured data is transfer at a record pace on to the cloud server. These institutions, businesses, and organizations are shifting more and more increasing workloads on cloud server, due to high cost, space and maintenance issues from big data, cloud computing will become a potential choice for the storage of data. In Cloud Environment, It is obvious that data is not secure completely yet from inside and outside attacks and intrusions because cloud servers are under the control of a third party. The Security of data becomes an important aspect due to the storage of sensitive data in a cloud environment. In this paper, we give an overview of characteristics and state of art of big data and data security & privacy top threats, open issues and current challenges and their impact on business are discussed for future research perspective and review & analysis of previous and recent frameworks and architectures for data security that are continuously established against threats to enhance how to keep and store data in the cloud environment.

Distributed banking platforms and services forgo centralized banks to process financial transactions. For example, M-Pesa provides distributed banking service in the developing regions so that the people without a bank account can deposit, withdraw, or transfer money. The current distributed banking systems lack the transparency in monitoring and tracking of distributed banking transactions and thus do not support auditing of distributed banking transactions for accountability. To address this issue, this paper proposes a blockchain-based distributed banking (BDB) scheme, which uses blockchain technology to leverage its built-in properties to record and track immutable transactions. BDB supports distributed financial transaction processing but is significantly different from cryptocurrencies in its design properties, simplicity, and computational efficiency. We implement a prototype of BDB using smart contract and conduct experiments to show BDB's effectiveness and performance. We further compare our prototype with the Ethereum cryptocurrency to highlight the fundamental differences and demonstrate the BDB's superior computational efficiency.

Wide integration of information and communication technology (ICT) in modern power grids has brought many benefits as well as the risk of cyber attacks. A critical step towards defending grid cyber security is to understand the cyber-physical causal chain, which describes the progression of intrusion in cyber-space leading to the formation of consequences on the physical power grid. In this paper, we develop an attack vector for a time delay attack at load frequency control in the power grid. Distinct from existing works, which are separately focused on cyber intrusion, grid response, or testbed validation, the proposed attack vector for the first time provides a full cyber-physical causal chain. It targets specific vulnerabilities in the protocols, performs a denial-of-service (DoS) attack, induces the delays in control loop, and destabilizes grid frequency. The proposed attack vector is proved in theory, presented as an attack tree, and validated in an experimental environment. The results will provide valuable insights to develop security measures and robust controls against time delay attacks.

Video streams acquired from thermal cameras are proven to be beneficial in diverse number of fields including military, healthcare, law enforcement, and security. Despite the hype, thermal imaging is increasingly affected by poor resolution, where it has expensive optical sensors and inability to attain optical precision. In recent years, deep learning based super-resolution algorithms are developed to enhance the video frame resolution at high accuracy. This paper presents a comparative analysis of super resolution (SR) techniques based on deep neural networks (DNN) that are applied on thermal video dataset. SRCNN, EDSR, Auto-encoder, and SRGAN are also discussed and investigated. Further the results on benchmark thermal datasets including FLIR, OSU thermal pedestrian database and OSU color thermal database are evaluated and analyzed. Based on the experimental results, it is concluded that, SRGAN has delivered a superior performance on thermal frames when compared to other techniques and improvements, which has the ability to provide state-of-the art performance in real time operations.

A recurring principle in consideration of the future of systems engineering is continual dynamic adaptation. Context drives change whether it be from potential loss (threats, vulnerabilities) or from potential gain (opportunity-driven). Contextual-awareness has great influence over the future of systems engineering and of systems security. Those contextual environments contain fitness functions that will naturally select compatible approaches and filter out the incompatible, with prejudice. We don't have to guess at what those environmental shaping forces will look like. William Gibson famously tells us why: “The future is already here, it's just not evenly distributed;” and, sometimes difficult to discern. This paper provides archetypes that 1) characterize general systems engineering for products, processes, and operations; 2) characterize the integration of security to systems engineering; and, 3) characterize contextually aware agile-security. This paper is more of a problem statement than a solution. Solution objectives and tactics for guiding the path forward have a broader range of options for subsequent treatment elsewhere. Our purpose here is to offer a short list of necessary considerations for effective contextually aware adaptive system security in the future of systems engineering.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

Robot networks are susceptible to fail under the presence of malicious or defective robots. Resilient networks in the literature require high connectivity and large communication ranges, leading to high energy consumption in the communication network. This paper presents robot formations with guaranteed resiliency that use smaller communication ranges than previous results in the literature. The formations can be built on triangular and square lattices in the plane, and cubic lattices in the three-dimensional space. We support our theoretical framework with simulations.

In order to solve the problems of inconvenient carrying and management of the access card used in the existing market access control system, a set of intelligent access control system based on DES encrypted two-dimensional code is designed. The system consists of Android smart phone, embedded access controller and server. By sending and receiving QR code via smart phone, access to the door is obtained, which realizes centralized management of office buildings, companies, senior office buildings, luxury residences and other middle and high-rise places, effectively preventing unauthorized people from entering the high security area. In order to ensure information security, the two-dimensional code is encrypted by DES algorithm. This system has the characteristics of low cost, high security and flexible operation. It is still blank in the application field and has certain promotion value.

In order to significantly improve the reliable interaction and fast processing when TT&C(Tracking, Telemetry and Command) Resource Scheduling and Management System (TRSMS) communicate with external systems which are diverse, multiple directional and high concurrent, this paper designs and implements a highly concurrent and secure middleware for TT&C Resource Automatic Scheduling Interface (TRASI). The middleware designs memory pool, data pool, thread pool and task pool to improve the efficiency of concurrent processing, uses the rule dictionary, communication handshake and wait retransmission mechanism to ensure the data interaction security and reliability. This middleware can effectively meet the requirements of TRASI for data exchange with external users and system, significantly improve the data processing speed and efficiency, and promote the information technology and automation level of Aerospace TT&C Network Management Center (TNMC).

State estimation is of considerable significance for the power system operation and control. However, well-designed false data injection attacks can utilize blind spots in conventional residual-based bad data detection methods to manipulate measurements in a coordinated manner and thus affect the secure operation and economic dispatch of grids. In this paper, we propose a detection approach based on an autoencoder neural network. By training the network on the dependencies intrinsic in `normal' operation data, it effectively overcomes the challenge of unbalanced training data that is inherent in power system attack detection. To evaluate the detection performance of the proposed mechanism, we conduct a series of experiments on the IEEE 118-bus power system. The experiments demonstrate that the proposed autoencoder detector displays robust detection performance under a variety of attack scenarios.

Nowadays, Vehicular Ad hoc Networks (VANETs) are popularly known as they can reduce traffic and road accidents. These networks need several security requirements, such as anonymity, data authentication, confidentiality, traceability and cancellation of offending users, unlinkability, integrity, undeniability and access control. Authentication of the data and sender are most important security requirements in these networks. So many authentication schemes have been proposed up to now. One of the well-known techniques to provide users authentication in these networks is the authentication based on the smartcard (ASC). In this paper, we propose an ASC scheme that not only provides necessary security requirements such as anonymity, traceability and unlinkability in the VANETs but also is more efficient than the other schemes in the literatures.

To our best knowledge, the p-sensitive k-anonymity model is a sophisticated model to resist linking attacks and homogeneous attacks in data publishing. However, if the distribution of sensitive values is skew, the model is difficult to defend against skew attacks and even faces sensitive attacks. In practice, the privacy requirements of different sensitive values are not always identical. The “one size fits all” unified privacy protection level may cause unnecessary information loss. To address these problems, the paper quantifies privacy requirements with the concept of IDF and concerns more about sensitive groups. Two enhanced anonymous models with personalized protection characteristic, that is, (p,αisg) -sensitive k-anonymity model and (pi,αisg)-sensitive k-anonymity model, are then proposed to resist skew attacks and sensitive attacks. Furthermore, two clustering algorithms with global search and local search are designed to implement our models. Experimental results show that the two enhanced models have outstanding advantages in better privacy at the expense of a little data utility.