Biblio

In order to overcome the excessive false detection of marginal noise and the object holes of the existing algorithm in outdoor panoramic surveillance, a moving object detection algorithm based on pixel background sample sets in panoramic scanning mode is proposed. In the light of the space distribution characteristics, neighborhood pixels have similar values. Therefore, a background sample set for each pixel is created by random sampling in the first scanning cycle which effectively avoids the false detection of marginal noise and reduces the time cost of background model establishment. The adjacent frame difference detection algorithm in the traditional camera motion mode is prone to object holes. To solve this problem, detection based on background sample sets is presented to obtain complete moving object region. The results indicate that the proposed moving object detection algorithm works more efficiently on reducing marginal noise interference, and obtains complete moving object information compared with the frame difference detection algorithm based on registration results in traditional camera motion mode, thereby meeting the needs of real-time detection as well as improving its accuracy.

Conventional intrusion detection systems for smart grid communications rely heavily on static based attack detection techniques. In essence, signatures created from historical data are compared to incoming network traffic to identify abnormalities. In the case of attacks where no historical data exists, static based approaches become ineffective thus relinquishing system resilience and stability. Moving target defense (MTD) has shown to be effective in discouraging attackers by introducing system entropy to increase exploit costs. Increase in exploit cost leads to a decrease in profitability for an attacker. In this paper, a Moving Target Defense Intrusion Detection System (MTDIDS) is proposed for smart grid IPv6 based advanced metering infrastructure. The advantage of MTDIDS is the ability to detect anomalies across moving targets by means of planar keys thereupon increasing detection rate. Evaluation of MTDIDS was carried out in a smart grid advanced metering infrastructure simulated in MATLAB.

Multi-robot transfer learning allows a robot to use data generated by a second, similar robot to improve its own behavior. The potential advantages are reducing the time of training and the unavoidable risks that exist during the training phase. Transfer learning algorithms aim to find an optimal transfer map between different robots. In this paper, we investigate, through a theoretical study of single-input single-output (SISO) systems, the properties of such optimal transfer maps. We first show that the optimal transfer learning map is, in general, a dynamic system. The main contribution of the paper is to provide an algorithm for determining the properties of this optimal dynamic map including its order and regressors (i.e., the variables it depends on). The proposed algorithm does not require detailed knowledge of the robots' dynamics, but relies on basic system properties easily obtainable through simple experimental tests. We validate the proposed algorithm experimentally through an example of transfer learning between two different quadrotor platforms. Experimental results show that an optimal dynamic map, with correct properties obtained from our proposed algorithm, achieves 60-70% reduction of transfer learning error compared to the cases when the data is directly transferred or transferred using an optimal static map.

With the continued advancement of the internet and relevant programs, the number of exploitable loopholes in security systems increases. One such exploit that is plaguing the software scene is ransomware, a type of malware that weaves its way through these security loopholes and denies access to intellectual property and documents via encryption. The culprits will then demand a ransom as a price for data decryption. Many businesses face the issue of not having stringent security measures that are sufficient enough to negate the threat of ransomware. This jeopardizes the availability of sensitive data as corporations and individuals are at threat of losing data crucial to business or personal operations. Although certain countermeasures to deal with ransomware exist, the fact that a plethora of new ransomware cases keeps appearing every year points to the problem that they aren't effective enough. This paper aims to conceptualize practical solutions that can be used as foundations to build on in hope that more effective and proactive countermeasures to ransomware can be developed in the future.

Nowadays data is always stored in a computer in the hyper-connected world and, a company or an organization or a person can come across financial loss, reputation loss, business disruption and intellectual property loss because of data leakage or data disclosure. Remote Access Trojans are used to invade a victim's PC and collect information from it. There have been signatures for these that have already emerged and defined as malwares, but there is no available signature yet if a malware or a remote access Trojan is a zero-day threat. In this circumstance network behavioral analysis is more useful than signature-based anti-virus scanners in order to detect the different behavior of malware. When the traffic will be cut or stoppedis important in capturing network traffic. In this paper, effective features for detecting RATs are proposed. These features are extracted from the first twenty packets. Our approach achieves 98% accuracy and 10% false negative rate by random forest algorithm.

Unlike traditional routing where packets are only stored and forward, network coding allows packets to mix together. New packets can be formed by combining other packets. This technique can provide benefits to the network. Network coding has been shown to improve network throughput, reduce energy consumption, improve network robustness and achieve the network capacity. 5G Network is foreseen as a novel network paradigm enabling massive device connectivity and enabling device-to-device communication (D2D). It has many potential applications ranging from ultra high definition video to virtual reality applications. In this paper, we present the advantages, benefits, scenarios, and applications of Network coding for 5G Network and device-to-device communication. We present the state-of-art research, the theoretical benefits, and detail how network coding can improve 5G Networks and D2D communication. Our results show that network coding can almost double the network throughput while increasing network robustness and decreasing the overall time to disseminate messages.

In the paper, we demonstrate novel approach for network Intrusion Detection System (IDS) for cyber security using unsupervised Deep Learning (DL) techniques. Very often, the supervised learning and rules based approach like SNORT fetch problem to identify new type of attacks. In this implementation, the input samples are numerical encoded and applied un-supervised deep learning techniques called Auto Encoder (AE) and Restricted Boltzmann Machine (RBM) for feature extraction and dimensionality reduction. Then iterative k-means clustering is applied for clustering on lower dimension space with only 3 features. In addition, Unsupervised Extreme Learning Machine (UELM) is used for network intrusion detection in this implementation. We have experimented on KDD-99 dataset, the experimental results show around 91.86% and 92.12% detection accuracy using unsupervised deep learning technique AE and RBM with K-means respectively. The experimental results also demonstrate, the proposed approach shows around 4.4% and 2.95% improvement of detection accuracy using RBM with K-means against only K-mean clustering and Unsupervised Extreme Learning Machine (USELM) respectively.

Distributed denial of service attacks represent continuous threat to availability of information and communication resources. This research conducted the analysis of relevant scientific literature and synthesize parameters on packet and traffic flow level applicable for detection of infrastructure layer DDoS attacks. It is concluded that packet level detection uses two or more parameters while traffic flow level detection often used only one parameter which makes it more convenient and resource efficient approach in DDoS detection.

In low-power wireless networking, new applications such as cooperative robots or industrial closed-loop control demand for network-wide consensus at low-latency and high reliability. Distributed consensus protocols is a mature field of research in a wired context, but has received little attention in low-power wireless settings. In this paper, we present A2: Agreement in the Air, a system that brings distributed consensus to low-power multi-hop networks. A2 introduces Synchrotron, a synchronous transmissions kernel that builds a robust mesh by exploiting the capture effect, frequency hopping with parallel channels, and link-layer security. A2 builds on top of this reliable base layer and enables the two- and three-phase commit protocols, as well as network services such as group membership, hopping sequence distribution and re-keying. We evaluate A2 on four public testbeds with different deployment densities and sizes. A2 requires only 475 ms to complete a two-phase commit over 180 nodes. The resulting duty cycle is 0.5% for 1-minute intervals. We show that A2 achieves zero losses end-to-end over long experiments, representing millions of data points. When adding controlled failures, we show that two-phase commit ensures transaction consistency in A2 while three-phase commit provides liveness at the expense of inconsistency under specific failure scenarios.

A general approach to the synthesis of the conditionally unstable fuzzy controller is introduced in this paper. This approach allows tuning the output signal of the system for both fast and smooth transient. Fuzzy logic allows combining the properties of several strategies of system tuning dependent on the state of the system. The utilization of instability allows achieving faster transient when the error of the system output is beyond the predefined value. Later the system roots are smoothly moved to the left-hand side of the complex s-plane due to the change of the membership function values. The results of the proposed approaches are compared with the results obtained using traditional methods of controller synthesis.

Even if information hiding can be used for licit purposes, it is increasingly exploited by malware to exfiltrate data or to coordinate attacks in a stealthy manner. Therefore, investigating new methods for creating covert channels is fundamental to completely assess the security of the Internet. Since the popularity of the carrier plays a major role, this paper proposes to hide data within VoIP traffic. Specifically, we exploit Voice Activity Detection (VAD), which suspends the transmission during speech pauses to reduce bandwidth requirements. To create the covert channel, our method transforms a VAD-activated VoIP stream into a non-VAD one. Then, hidden information is injected into fake RTP packets generated during silence intervals. Results indicate that steganographically modified VAD-activated VoIP streams offer a good trade-off between stealthiness and steganographic bandwidth.

Distributed data aggregation via summation (counting) helped us to learn the insights behind the raw data. However, such computing suffered from a high privacy risk of malicious collusion attacks. That is, the colluding adversaries infer a victim's privacy from the gaps between the aggregation outputs and their source data. Among the solutions against such collusion attacks, Distributed Differential Privacy (DDP) shows a significant effect of privacy preservation. Specifically, a DDP scheme guarantees the global differential privacy (the presence or absence of any data curator barely impacts the aggregation outputs) by ensuring local differential privacy at the end of each data curator. To guarantee an overall privacy performance of a distributed data aggregation system against malicious collusion attacks, part of the existing work on such DDP scheme aim to provide an estimated lower bound of privacy budget for the global differential privacy. However, there are two main problems: low data utility from using a large global function sensitivity; unknown privacy guarantee when the aggregation sensitivity of the whole system is less than the sum of the data curator's aggregation sensitivity. To address these problems while ensuring distributed differential privacy, we provide a new lower bound of privacy budget, which works with an unconditional aggregation sensitivity of the whole distributed system. Moreover, we study the performance of our privacy bound in different scenarios of data updates. Both theoretical and experimental evaluations show that our privacy bound offers better global privacy performance than the existing work.

Link quality protocols employ link quality estimators to collect statistics on the wireless link either independently or cooperatively among the sensor nodes. Furthermore, link quality routing protocols for wireless sensor networks may modify an estimator to meet their needs. Link quality estimators are vulnerable against malicious attacks that can exploit them. A malicious node may share false information with its neighboring sensor nodes to affect the computations of their estimation. Consequently, malicious node may behave maliciously such that its neighbors gather incorrect statistics about their wireless links. This paper aims to detect malicious nodes that manipulate the link quality estimator of the routing protocol. In order to accomplish this task, MINTROUTE and CTP routing protocols are selected and updated with intrusion detection schemes (IDSs) for further investigations with other factors. It is proved that these two routing protocols under scrutiny possess inherent susceptibilities, that are capable of interrupting the link quality calculations. Malicious nodes that abuse such vulnerabilities can be registered through operational detection mechanisms. The overall performance of the new LQR protocol with IDSs features is experimented, validated and represented via the detection rates and false alarm rates.

Dynamic security assessment provides system operators with vital information for possible preventive or emergency control to prevent security problems. In some cases, power system topology change deteriorates intelligent system-based online stability assessment performance. In this paper, we propose a new online assessment scheme to improve classification performance reliability of dynamic transient stability assessment. In the new scheme, we use an intelligent system consisting an ensemble of neural networks based on extreme learning machine. A new feature selection algorithm combining filter type method RRelief-F and wrapper type method Sequential Floating Forward Selection is proposed. Boosting learning algorithm is used in intelligent system training process which leads to higher classification accuracy. Moreover, we propose a new classification rule using weighted outputs of predictors in the ensemble helps to achieve 100% transient stability prediction in our case study.

Dynamic security assessment provides system operators with vital information for possible preventive or emergency control to prevent security problems. In some cases, power system topology change deteriorates intelligent system-based online stability assessment performance. In this paper, we propose a new online assessment scheme to improve classification performance reliability of dynamic transient stability assessment. In the new scheme, we use an intelligent system consisting an ensemble of neural networks based on extreme learning machine. A new feature selection algorithm combining filter type method RRelief-F and wrapper type method Sequential Floating Forward Selection is proposed. Boosting learning algorithm is used in intelligent system training process which leads to higher classification accuracy. Moreover, we propose a new classification rule using weighted outputs of predictors in the ensemble helps to achieve 100% transient stability prediction in our case study.

The term steganography was used to conceal thesecret message into other media file. In this paper, a novel imagesteganography is proposed, based on adaptive neural networkswith recycling the Improved Absolute Moment Block TruncationCoding algorithm, and by employing the enhanced five edgedetection operators with an optimal target of the ANNS. Wepropose a new scheme of an image concealing using hybridadaptive neural networks based on I-AMBTC method by thehelp of two approaches, the relevant edge detection operators andimage compression methods. Despite that, many processes in ourscheme are used, but still the quality of concealed image lookinggood according to the HVS and PVD systems. The final simulationresults are discussed and compared with another related researchworks related to the image steganography system.

Establishing trust relationships between routing nodes represents a vital security requirement to establish reliable routing processes that exclude infected or selfish nodes. In this paper, we propose a new security scheme for the Internet of things and mainly for the RPL (Routing Protocol for Low-power and Lossy Networks) called: Metric-based RPL Trustworthiness Scheme (MRTS). The primary aim is to enhance RPL security and deal with the trust inference problem. MRTS addresses trust issue during the construction and maintenance of routing paths from each node to the BR (Border Router). To handle this issue, we extend DIO (DODAG Information Object) message by introducing a new trust-based metric ERNT (Extended RPL Node Trustworthiness) and a new Objective Function TOF (Trust Objective Function). In fact, ERNT represents the trust values for each node within the network, and TOF demonstrates how ERNT is mapped to path cost. In MRTS all nodes collaborate to calculate ERNT by taking into account nodes' behavior including selfishness, energy, and honesty components. We implemented our scheme by extending the distributed Bellman-Ford algorithm. Evaluation results demonstrated that the new scheme improves the security of RPL.

With the continuous development of mobile based Wireless technologies, Bluetooth plays a vital role in smart-phone Era. In such scenario, the security measures are needed to be enhanced for Bluetooth. We propose a Node Energy Based Virus Propagation Model (NBV) for Bluetooth. The algorithm works with key features of node capacity and node energy in Bluetooth network. This proposed NBV model works along with E-mail worm Propagation model. Finally, this work simulates and compares the virus propagation with respect to Node Energy and network traffic.

Nowadays, data has become more important as the core resource for the information society. However, with the development of data analysis techniques, the privacy violation such as leakage of sensitive data and personal identification exposure are also increasing. Differential privacy is the technique to satisfy the requirement that any additional information should not be disclosed except information from the database itself. It is well known for protecting the privacy from arbitrary attack. However, recent research argues that there is a several ways to infer sensitive information from data although the differential privacy is applied. One of this inference method is to use the correlation between the data. In this paper, we investigate the new privacy threats using attribute correlation which are not covered by traditional studies and propose a privacy preserving technique that configures the differential privacy's noise parameter to solve this new threat. In the experiment, we show the weaknesses of traditional differential privacy method and validate that the proposed noise parameter configuration method provide a sufficient privacy protection and maintain an accuracy of data utility.

In this paper, we propose a method for normalization of rich feature sets to improve detection accuracy of simple classifiers in steganalysis. It consists of two steps: 1) replacing random subsets of empirical joint probability mass functions (co-occurrences) by their conditional probabilities and 2) applying a non-linear normalization to each element of the feature vector by forcing its marginal distribution over covers to be uniform. We call the first step random conditioning and the second step feature uniformization. When applied to maxSRMd2 features in combination with simple classifiers, we observe a gain in detection accuracy across all tested stego algorithms and payloads. For better insight, we investigate the gain for two image formats. The proposed normalization has a very low computational complexity and does not require any feedback from the stego class.

In cloud storage systems, users can upload their data along with associated tags (authentication information) to cloud storage servers. To ensure the availability and integrity of the outsourced data, provable data possession (PDP) schemes convince verifiers (users or third parties) that the outsourced data stored in the cloud storage server is correct and unchanged. Recently, several PDP schemes with designated verifier (DV-PDP) were proposed to provide the flexibility of arbitrary designated verifier. A designated verifier (private verifier) is trustable and designated by a user to check the integrity of the outsourced data. However, these DV-PDP schemes are either inefficient or insecure under some circumstances. In this paper, we propose the first non-repudiable PDP scheme with designated verifier (DV-NRPDP) to address the non-repudiation issue and resolve possible disputations between users and cloud storage servers. We define the system model, framework and adversary model of DV-NRPDP schemes. Afterward, a concrete DV-NRPDP scheme is presented. Based on the computing discrete logarithm assumption, we formally prove that the proposed DV-NRPDP scheme is secure against several forgery attacks in the random oracle model. Comparisons with the previously proposed schemes are given to demonstrate the advantages of our scheme.

Attack graph technique is a common tool for the evaluation of network security. However, attack graphs are generally too large and complex to be understood and interpreted by security administrators. This paper proposes an analysis framework for security attack graphs for a given IT infrastructure system. First, in order to facilitate the discovery of interconnectivities among vulnerabilities in a network, multi-host multi-stage vulnerability analysis (MulVAL) is employed to generate an attack graph for a given network topology. Then a novel algorithm is applied to refine the attack graph and generate a simplified graph called a transition graph. Next, a Markov model is used to project the future security posture of the system. Finally, the framework is evaluated by applying it on a typical IT network scenario with specific services, network configurations, and vulnerabilities.

The Internet of Things (IoT) has become ubiquitous in our daily life as billions of devices are connected through the Internet infrastructure. However, the rapid increase of IoT devices brings many non-traditional challenges for system design and implementation. In this paper, we focus on the hardware security vulnerabilities and ultra-low power design requirement of IoT devices. We briefly survey the existing design methods to address these issues. Then we propose an approximate computing based information hiding approach that provides security with low power. We demonstrate that this security primitive can be applied for security applications such as digital watermarking, fingerprinting, device authentication, and lightweight encryption.

In cyberspace, unknown zero-day attacks can bring safety hazards. Traditional defense methods based on signatures are ineffective. Based on the Cyberspace Mimic Defense (CMD) architecture, the paper proposes a framework to detect the attacks and respond to them. Inputs are assigned to all online redundant heterogeneous functionally equivalent modules. Their independent outputs are compared and the outputs in the majority will be the final response. The abnormal outputs can be detected and so can the attack. The damaged executive modules with abnormal outputs will be replaced with new ones from the diverse executive module pool. By analyzing the abnormal outputs, the correspondence between inputs and abnormal outputs can be built and inputs leading to recurrent abnormal outputs will be written into the zero-day attack related database and their reuses cannot work any longer, as the suspicious malicious inputs can be detected and processed. Further responses include IP blacklisting and patching, etc. The framework also uses honeypot like executive module to confuse the attacker. The proposed method can prevent the recurrent attack based on the same exploit.

For the increasing use of internet, it is equally important to protect the intellectual property. And for the protection of copyright, a blind digital watermark algorithm with SVD and OSELM in the IWT domain has been proposed. During the embedding process, SVD has been applied to the coefficient blocks to get the singular values in the IWT domain. Singular values are modulated to embed the watermark in the host image. Online sequential extreme learning machine is trained to learn the relationship between the original coefficient and the corresponding watermarked version. During the extraction process, this trained OSELM is used to extract the embedded watermark logo blindly as no original host image is required during this process. The watermarked image is altered using various attacks like blurring, noise, sharpening, rotation and cropping. The experimental results show that the proposed watermarking scheme is robust against various attacks. The extracted watermark has very much similarity with the original watermark and works good to prove the ownership.