Biblio
Accurate model is very important for the control of nonlinear system. The traditional identification method based on shallow BP network is easy to fall into local optimal solution. In this paper, a modeling method for nonlinear system based on improved Deep Belief Network (DBN) is proposed. Continuous Restricted Boltzmann Machine (CRBM) is used as the first layer of the DBN, so that the network can more effectively deal with the actual data collected from the real systems. Then, the unsupervised training and supervised tuning were combine to improve the accuracy of identification. The simulation results show that the proposed method has a higher identification accuracy. Finally, this improved algorithm is applied to identification of diameter model of silicon single crystal and the simulation results prove its excellent ability of parameters identification.
The security of image steganography is an important basis for evaluating steganography algorithms. Steganography has recently made great progress in the long-term confrontation with steganalysis. To improve the security of image steganography, steganography must have the ability to resist detection by steganalysis algorithms. Traditional embedding-based steganography embeds the secret information into the content of an image, which unavoidably leaves a trace of the modification that can be detected by increasingly advanced machine-learning-based steganalysis algorithms. The concept of steganography without embedding (SWE), which does not need to modify the data of the carrier image, appeared to overcome the detection of machine-learning-based steganalysis algorithms. In this paper, we propose a novel image SWE method based on deep convolutional generative adversarial networks. We map the secret information into a noise vector and use the trained generator neural network model to generate the carrier image based on the noise vector. No modification or embedding operations are required during the process of image generation, and the information contained in the image can be extracted successfully by another neural network, called the extractor, after training. The experimental results show that this method has the advantages of highly accurate information extraction and a strong ability to resist detection by state-of-the-art image steganalysis algorithms.
The class φ2 is a single transistor, fast transient inverter topology often associated with power conversion at very high frequency (VHF: 30MHz-300MHz). At VHF, gate drivers available on the market fail to provide the adequate transistor switching signal. Hence, there is a need for new power topologies that do no make use of gate drivers but are still suitable for power conversion at VHF. In This paper, we introduce a new class φ;2 topology that incorporates an oscillator, which takes the drain signal through a feedback circuit in order to force the transistor switching. A design methodology is provided and a 1MHz 20V input prototype is built in order to validate the topology behaviour.
State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.
With the exponential hike in cyber threats, organizations are now striving for better data mining techniques in order to analyze security logs received from their IT infrastructures to ensure effective and automated cyber threat detection. Machine Learning (ML) based analytics for security machine data is the next emerging trend in cyber security, aimed at mining security data to uncover advanced targeted cyber threats actors and minimizing the operational overheads of maintaining static correlation rules. However, selection of optimal machine learning algorithm for security log analytics still remains an impeding factor against the success of data science in cyber security due to the risk of large number of false-positive detections, especially in the case of large-scale or global Security Operations Center (SOC) environments. This fact brings a dire need for an efficient machine learning based cyber threat detection model, capable of minimizing the false detection rates. In this paper, we are proposing optimal machine learning algorithms with their implementation framework based on analytical and empirical evaluations of gathered results, while using various prediction, classification and forecasting algorithms.
Aiming at the phenomenon that the urban traffic is complex at present, the optimization algorithm of the traditional logistic distribution path isn't sensitive to the change of road condition without strong application in the actual logistics distribution, the optimization algorithm research of logistics distribution path based on the deep belief network is raised. Firstly, build the traffic forecast model based on the deep belief network, complete the model training and conduct the verification by learning lots of traffic data. On such basis, combine the predicated road condition with the traffic network to build the time-share traffic network, amend the access set and the pheromone variable of ant algorithm in accordance with the time-share traffic network, and raise the optimization algorithm of logistics distribution path based on the traffic forecasting. Finally, verify the superiority and application value of the algorithm in the actual distribution through the optimization algorithm contrast test with other logistics distribution paths.
Cross layer based approaches are increasingly becoming popular in Manet (Mobile Adhoc Network). As Manet are constrained with issues as low battery, limited bandwidth, link breakage and dynamic topology, cross layer based designs are trying to remove such barriers and trying to make Manet more scalable. Cross layer designs are also facing attacking problem and ensuring the security of network to defend the attack is must. In this paper we discuss about technique to optimize the performance by minimizing delay and overhead of secure cross layer routing protocol. We have designed SCLPC (Secure cross layer based Power control) protocol. But when security is imposed using AASR (Authenticated and anonymous secure routing), the network metrics as end to end delay and control overhead is disturbed. To optimize the network performance here we proposed OSCLPC (Optimized secure cross layer based power control protocol). The proposed OSCLPC has been evaluated using SHORT (Self healing and optimizing route technique). The OSCLPC is simulated in ns2 and it is giving the better performance compared with SCLPC.
The capability of executing so-called smart contracts in a decentralised manner is one of the compelling features of modern blockchains. Smart contracts are fully fledged programs which cannot be changed once deployed to the blockchain. They typically implement the business logic of distributed apps and carry billions of dollars worth of coins. In that respect, it is imperative that smart contracts are correct and have no vulnerabilities or bugs. However, research has identified different classes of vulnerabilities in smart contracts, some of which led to prominent multi-million dollar fraud cases. In this paper we focus on vulnerabilities related to integer bugs, a class of bugs that is particularly difficult to avoid due to some characteristics of the Ethereum Virtual Machine and the Solidity programming language. In this paper we introduce Osiris – a framework that combines symbolic execution and taint analysis, in order to accurately find integer bugs in Ethereum smart contracts. Osiris detects a greater range of bugs than existing tools, while providing a better specificity of its detection. We have evaluated its performance on a large experimental dataset containing more than 1.2 million smart contracts. We found that 42,108 contracts contain integer bugs. Besides being able to identify several vulnerabilities that have been reported in the past few months, we were also able to identify a yet unknown critical vulnerability in a couple of smart contracts that are currently deployed on the Ethereum blockchain.
The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.
The use of real-time video streaming is increasing day-by-day, and its security has become a serious issue now. Video encryption is a challenging task because of its large frame size. Video encryption can be done with symmetric key as well as asymmetric key encryption. Among different asymmetric key encryption technique, ECC performs better than other algorithms like RSA in terms of smaller key size and faster encryption and decryption operation. In this work, we have analyzed the performance of 18 different ECC curves and suggested some suitable curves for real-time video encryption.
Performance is a critical system property of any system, in particular of data-intensive systems, such as image processing systems. We describe a performance engineering method for families of data-intensive systems that is both simple and accurate; the performance of new family members is predicted using models of existing family members. The predictive models are calibrated using static code analysis and regression. Code analysis is used to extract performance profiles, which are used in combination with regression to derive predictive performance models. A case study presents the application for an industrial image processing case, which revealed as benefits the easy application and identification of code performance optimization points.
To ensure the accountability of a cloud environment, security policies may be provided as a set of properties to be enforced by cloud providers. However, due to the sheer size of clouds, it can be challenging to provide timely responses to all the requests coming from cloud users at runtime. In this paper, we design and implement a middleware, PERMON, as a pluggable interface to OpenStack for intercepting and verifying the legitimacy of user requests at runtime, while leveraging our previous work on proactive security verification to improve the efficiency. We describe detailed implementation of the middleware and demonstrate its usefulness through a use case.
Thanks to its decentralized structure and immutability, blockchain technology has the potential to address relevant security and privacy challenges in the Internet of Things (IoT). In particular, by hosting and executing smart contracts, blockchain allows secure, flexible, and traceable message communication between IoT devices. The unique characteristics of IoT systems, such as heterogeneity and pervasiveness, however, pose challenges in designing smart contracts for such systems. In this paper, we study these challenges and propose a design approach for smart contracts used in IoT systems. The main goal of our design model is to enhance the development of IoT smart contracts based on the inherent pervasive attributes of IoT systems. In particular, the design model allows the smart contracts to encapsulate functionalities such as contractlevel communication between IoT devices, access to data-sources within contracts, and interoperability of heterogeneous IoT smart contracts. The essence of our approach is structuring the design of IoT smart contracts as self-contained software services, inspired by the microservice architecture model. The flexibility, scalability and modularity of this model make it an efficient approach for developing pervasive IoT smart contracts.
Modern automotive Cyber-Physical Systems (CPS) are increasingly adopting wireless communications for Intra-Vehicular, Vehicle-to-Vehicle (V2V), and Vehicle-to-Infrastructure (V2I) protocols as a promising solution for challenges such as the wire harnessing problem, collision detection, and collision avoidance, traffic control, and environmental hazards. Regrettably, this new trend results in new security challenges that can put the safety and privacy of the automotive CPS and passengers at great risk. In addition, automotive wireless communication security is constrained by strict energy and performance limitations of electronic controller units and sensors. As a result, the key generation and management for secure automotive CPS wireless communication is an open research challenge. This article aims to help solve these security challenges by presenting a practical key generation technique based on the reciprocity and high spatial and temporal variation properties of the automotive wireless communication channel. Accompanying this technique is also a key length optimization algorithm to improve performance (in terms of time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we have conducted simulations alongside real-world experiments with vehicles and RC cars. Last, we demonstrate through simulations that we can generate keys with high security strength (keys with 67% min-entropy) with 20× reduction in code size overhead in comparison to the state-of-the-art security techniques.
This paper studies the physical layer security performance of a Simultaneous Wireless Information and Power Transfer (SWIPT) millimeter wave (mmWave) ultra-dense network under a stochastic geometry framework. Specifically, we first derive the energy-information coverage probability and secrecy probability in the considered system under time switching policies. Then the effective secrecy throughput (EST) which can characterize the trade-off between the energy coverage, secure and reliable transmission performance is derived. Theoretical analyses and simulation results reveal the design insights into the effects of various network parameters like, transmit power, time switching factor, transmission rate, confidential information rate, etc, on the secrecy performance. Specifically, it is impossible to realize the effective secrecy throughput improvement just by increasing the transmit power.
The impending realization of scalable quantum computers will have a significant impact on today's security infrastructure. With the advent of powerful quantum computers public key cryptographic schemes will become vulnerable to Shor's quantum algorithm, undermining the security current communications systems. Post-quantum (or quantum-resistant) cryptography is an active research area, endeavoring to develop novel and quantum resistant public key cryptography. Amongst the various classes of quantum-resistant cryptography schemes, lattice-based cryptography is emerging as one of the most viable options. Its efficient implementation on software and on commodity hardware has already been shown to compete and even excel the performance of current classical security public-key schemes. This work discusses the next step in terms of their practical deployment, i.e., addressing the physical security of lattice-based cryptographic implementations. We survey the state-of-the-art in terms of side channel attacks (SCA), both invasive and passive attacks, and proposed countermeasures. Although the weaknesses exposed have led to countermeasures for these schemes, the cost, practicality and effectiveness of these on multiple implementation platforms, however, remains under-studied.
Return Oriented Programming is one of the major challenges for software security nowadays. It can bypass Data Execution Prevention (DEP) mechanism by chaining short instruction sequences from existing code together to induce arbitrary code execution. Existing defenses are usually trade-offs between practicality, security, and performance. In this paper, we propose PMUe, a low-cost hardware ROP detection approach that detects ROP attack based on three inherent properties of ROP. It is transparent to user applications and can be regarded as a small extension to existing Performance Monitoring Unit in commodity processors. Our evaluation demonstrates that PMUe can effectively detect ROP attack with negligible performance overhead.
Recommender system is an important component of many web services to help users locate items that match their interests. Several studies showed that recommender systems are vulnerable to poisoning attacks, in which an attacker injects fake data to a recommender system such that the system makes recommendations as the attacker desires. However, these poisoning attacks are either agnostic to recommendation algorithms or optimized to recommender systems (e.g., association-rule-based or matrix-factorization-based recommender systems) that are not graph-based. Like association-rule-based and matrix-factorization-based recommender systems, graph-based recommender system is also deployed in practice, e.g., eBay, Huawei App Store (a big app store in China). However, how to design optimized poisoning attacks for graph-based recommender systems is still an open problem. In this work, we perform a systematic study on poisoning attacks to graph-based recommender systems. We consider an attacker's goal is to promote a target item to be recommended to as many users as possible. To achieve this goal, our a"acks inject fake users with carefully crafted rating scores to the recommender system. Due to limited resources and to avoid detection, we assume the number of fake users that can be injected into the system is bounded. The key challenge is how to assign rating scores to the fake users such that the target item is recommended to as many normal users as possible. To address the challenge, we formulate the poisoning attacks as an optimization problem, solving which determines the rating scores for the fake users. We also propose techniques to solve the optimization problem. We evaluate our attacks and compare them with existing attacks under white-box (recommendation algorithm and its parameters are known), gray-box (recommendation algorithm is known but its parameters are unknown), and blackbox (recommendation algorithm is unknown) settings using two real-world datasets. Our results show that our attack is effective and outperforms existing attacks for graph-based recommender systems. For instance, when 1% of users are injected fake users, our attack can make a target item recommended to 580 times more normal users in certain scenarios.
In this work NTRU-like cryptosystem NTRU Prime IIT Ukraine, which is created on the basis of existing cryptographic transformations end-to-end encryption type, is considered. The description of this cryptosystem is given and its analysis is carried out. Also, features of its implementation, comparison of the main characteristics and indicators, as well as the definition of differences from existing NTRU-like cryptographic algorithms are presented. Conclusions are made and recommendations are given.
Post-quantum secure communication has attracted much interest in recent years. Known computationally secure post-quantum key agreement protocols are resource intensive for small devices. These devices may need to securely send frequent short messages, for example to report the measurement of a sensor. Secure communication using physical assumptions provides information-theoretic security (and so quantum-safe) with small computational over-head. Security and efficiency analysis of these systems however is asymptotic. In this poster we consider two secure message communication systems, and derive and compare their security and efficiency for finite length messages. Our results show that these systems indeed provide an attractive alternative for post-quantum security.
The risk of large-scale blackouts and cascading failures in power grids can be due to vulnerable transmission lines and lack of proper remediation techniques after recognizing the first failure. In this paper, we assess the vulnerability of a system using fault chain theory and a power flow-based method, and calculate the probability of large-scale blackout. Further, we consider a Remedial Action Scheme (RAS) to reduce the vulnerability of the system and to harden the critical components against intentional attacks. To identify the most critical lines more efficiently, a new vulnerability index is presented. The effectiveness of the new index and the impact of the applied RAS is illustrated on the IEEE 14-bus test system.
As network security monitoring grows more sophisticated, there is an increasing need for outsourcing such tasks to third-party analysts. However, organizations are usually reluctant to share their network traces due to privacy concerns over sensitive information, e.g., network and system configuration, which may potentially be exploited for attacks. In cases where data owners are convinced to share their network traces, the data are typically subjected to certain anonymization techniques, e.g., CryptoPAn, which replaces real IP addresses with prefix-preserving pseudonyms. However, most such techniques either are vulnerable to adversaries with prior knowledge about some network flows in the traces, or require heavy data sanitization or perturbation, both of which may result in a significant loss of data utility. In this paper, we aim to preserve both privacy and utility through shifting the trade-off from between privacy and utility to between privacy and computational cost. The key idea is for the analysts to generate and analyze multiple anonymized views of the original network traces; those views are designed to be sufficiently indistinguishable even to adversaries armed with prior knowledge, which preserves the privacy, whereas one of the views will yield true analysis results privately retrieved by the data owner, which preserves the utility. We formally analyze the privacy of our solution and experimentally evaluate it using real network traces provided by a major ISP. The results show that our approach can significantly reduce the level of information leakage (e.g., less than 1% of the information leaked by CryptoPAn) with comparable utility.
The ever rising attacks on IT infrastructure, especially on networks has become the cause of anxiety for the IT professionals and the people venturing in the cyber-world. There are numerous instances wherein the vulnerabilities in the network has been exploited by the attackers leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attack on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of its processing capability and service delivery. Though, the study and analysis of request packets may help in distinguishing the legitimate users from among the malicious attackers but such detection becomes non-viable due to continuous flooding of packets on servers and eventually leads to denial of service to the authorized users. In the present research, we propose traffic flow and flow count variable based prevention mechanism with the difference in homogeneity. Its simplicity and practical approach facilitates the detection of DDoS attack at the early stage which helps in prevention of the attack and the subsequent damage. Further, simulation result based on different instances of time has been shown on T-value including generation of simple and harmonic homogeneity for observing the real time request difference and gaps.
Software Defined Network (SDN) is getting popularity both from academic and industry. Lot of researches have been made to combine SDN with future Internet paradigms to manage and control networks efficiently. SDN provides better management and control in a network through decoupling of data and control plane. Named Data Networking (NDN) is a future Internet technique with aim to replace IPv4 addressing problems. In NDN, communication between different nodes done on the basis of content names rather than IP addresses. Vehicular Ad-hoc Network (VANET) is a subtype of MANET which is also considered as a hot area for future applications. Different vehicles communicate with each other to form a network known as VANET. Communication between VANET can be done in two ways (i) Vehicle to Vehicle (V2V) (ii) Vehicle to Infrastructure (V2I). Combination of SDN and NDN techniques in future Internet can solve lot of problems which were hard to answer by considering a single technique. Security in VANET is always challenging due to unstable topology of VANET. In this paper, we merge future Internet techniques and propose a new scheme to answer timing attack problem in VANETs named as Timing Attack Prevention (TAP) protocol. Proposed scheme is evaluated through simulations which shows the superiority of proposed protocol regarding detection and mitigation of attacker vehicles as compared to normal timing attack scenario in NDN based VANET.
The recently applied General Data Protection Regulation (GDPR) aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. Consequently, this deeply affects the factory domain and its human-centric automation paradigm. Especially collaboration of human and machines as well as individual support are enabled and enhanced by processing audio and video data, e.g. by using algorithms which re-identify humans or analyse human behaviour. We introduce most significant impacts of the recent legal regulation change towards the automations domain at a glance. Furthermore, we introduce a representative scenario from production, deduce its legal affections from GDPR resulting in a privacy-aware software architecture. This architecture covers modern virtualization techniques along with authorization and end-to-end encryption to ensure a secure communication between distributes services and databases for distinct purposes.