Biblio

This paper studies the data-driven stealthy actuator attack against cyber-physical systems. The objective of the attacker is to add a certain bias to the output while keeping the detection rate of the χ2 detector less than a certain value. With the historical input and output data, the parameters of the system are estimated and the attack signal is the solution of a convex optimization problem constructed with the estimated parameters. The extension to the case of arbitrary detectors is also discussed. A numerical example is given to verify the effectiveness of the attack.

A Field Programmable Gate Array (FPGA) is a digital Integrated Circuit made up of interconnected functional blocks, which can be programmed by the end-user to perform required logic functions. As FPGAs are re-programmable, partially re-configurable and have lowertime to market, FPGA has become a vital component in the field of electronics. FPGAs are undergoing many security issues as the adversaries are trying to make profits by replicating the original design, without any investment. The major security issues are cloning, counterfeiting, reverse engineering, Physical tampering, and insertion of malicious components, etc. So, there is a need for security of FPGAs. A Secret key must be embedded in an IC, to provide identification and authentication to it. Physical Unclonable Functions (PUFs) can provide these secret keys, by using the physical properties of the chip. These physical properties are not reproducible even by the manufacturer. Hence the responses produced by the PUF are unique for every individual chip. The method of generating unique binary signatures helps in cryptographic key generation, digital rights management, Intellectual Property (IP) protection, IC counterfeit prevention, and device authentication. The PUFs are very promising in signature generation in the field of hardware security. In this paper, the secret binary responses is generated with the help of a delay based Ring Oscillator PUF, which does not use a clock circuit in its architecture.

This paper proposes an approach that combines a deep learning-based method and a traditional machine learning-based method to efficiently detect malicious requests Web servers received. The first few layers of Convolutional Neural Network for Text Classification (TextCNN) are used to automatically extract powerful semantic features and in the meantime transferable statistical features are defined to boost the detection ability, specifically Web request parameter tampering. The semantic features from TextCNN and transferable statistical features from artificially-designing are grouped together to be fed into Support Vector Machine (SVM), replacing the last layer of TextCNN for classification. To facilitate the understanding of abstract features in form of numerical data in vectors extracted by TextCNN, this paper designs trace-back functions that map max-pooling outputs back to words in Web requests. After investigating the current available datasets for Web attack detection, HTTP Dataset CSIC 2010 is selected to test and verify the proposed approach. Compared with other deep learning models, the experimental results demonstrate that the approach proposed in this paper is competitive with the state-of-the-art.

Privacy protection is becoming more and more important in the era of big data. Differential privacy is a rigorous and provable privacy protection method that can protect privacy for a single piece of data. But existing differential privacy online learning methods have great limitations in the scope of application and accuracy. Aiming at this problem, we propose a more general and accurate algorithm, named DPOL-CT, for differential privacy online learning. We first distinguish the difference in differential privacy protection between offline learning and online learning. Then we prove that the DPOL-CT algorithm achieves (∊, δ)-differential privacy for online learning under the Gaussian, the Laplace and the Staircase mechanisms and enjoys a sublinear expected regret bound. We further discuss the trade-off between the differential privacy level and the regret bound. Theoretical analysis and experimental results show that the DPOL-CT algorithm has good performance guarantees.

In this article, the security problem in cyber-physical systems (CPSs) against denial-of-service (DoS) attacks is studied from the perspectives of the designs of communication topology and distributed controller. To resist the DoS attacks, a new construction algorithm of the k-connected communication topology is developed based on the proposed necessary and sufficient criteria of the k-connected graph. Furthermore, combined with the k-connected topology, a distributed event-triggered controller is designed to guarantee the consensus of CPSs under mode-switching DoS (MSDoS) attacks. Different from the existing distributed control schemes, a new technology, that is, the extended Laplacian matrix method, is combined to design the distributed controller independent on the knowledge and the dwell time of DoS attack modes. Finally, the simulation example illustrates the superiority and effectiveness of the proposed construction algorithm and a distributed control scheme.

In recent years, smart grid has gradually become the common development trend of the world's power industry, and its security issues are increasingly valued by researchers. Smart grids have applied technologies such as physical control, data encryption, and authentication to improve their security, but there is still a lack of timely and effective detection methods to prevent the grid from being threatened by malicious intrusions. Aiming at this problem, a model based on machine learning to detect smart grid DoS attacks has been proposed. The model first collects network data, secondly selects features and uses PCA for data dimensionality reduction, and finally uses SVM algorithm for abnormality detection. By testing the SVM, Decision Tree and Naive Bayesian Network classification algorithms on the KDD99 dataset, it is found that the SVM model works best.

The development of IPv6-based wireless local area networks is becoming increasingly mature, and it has defined no less than different standards to meet the needs of different applications. Wireless home networks are widely used because they can be seamlessly connected to daily life, especially smart home devices linked to it. There are certain security issues with smart home devices deployed in wireless home networks, such as data tampering and leakage of sensitive information. This paper proposes a smart home management system based on IPv6 wireless home network, and develops a prototype system deployed on mobile portable devices. Through this system, different roles in the wireless home network can be dynamically authorized and smart home resources can be allocated to achieve the purpose of access control and management.

We use potential fields tuned by genetic algorithms to dynamically reconFigure unmanned aerial vehicles networks to serve user bandwidth needs. Such flying network base stations have applications in the many domains needing quick temporary networked communications capabilities such as search and rescue in remote areas and security and defense in overwatch and scouting. Starting with an initial deployment that covers an area and discovers how users are distributed across this area of interest, tuned potential fields specify subsequent movement. A genetic algorithm tunes potential field parameters to reposition UAVs to create and maintain a mesh network that maximizes user bandwidth coverage and network lifetime. Results show that our evolutionary adaptive network deployment algorithm outperforms the current state of the art by better repositioning the unmanned aerial vehicles to provide longer coverage lifetimes while serving bandwidth requirements. The parameters found by the genetic algorithm on four training scenarios with different user distributions lead to better performance than achieved by the state of the art. Furthermore, these parameters also lead to superior performance in three never before seen scenarios indicating that our algorithm finds parameter values that generalize to new scenarios with different user distributions.

Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks.

Cryptography is a powerful means of delivering information in a secure manner. Over the years, many image encryption algorithms have been proposed based on the chaotic system to protect the digital image against cryptography attacks. In chaotic encryption, it jumbles the image to vary the framework of the image. This makes it difficult for the attacker to retrieve the original image. This paper introduces an efficient image encryption algorithm incorporating the genetic algorithm, bit plane slicing and bit plane rotation of the digital image. The digital image is sliced into eight planes and each plane is well rotated to give a fully encrypted image after the application of the Genetic Algorithm on each pixel of the image. This makes it less prone to attacks. For decryption, we perform the operations in the reverse order. The performance of this algorithm is measured using various similarity measures like Structural Similarity Index Measure (SSIM). The results exhibit that the proposed scheme provides a stronger level of encryption and an enhanced security level.

Researchers have demonstrated the effectiveness of self-explanations (SE) as an instructional practice and study strategy. However, there is a lack of work studying the characteristics of SE responses prompted by collaborative activities. In this paper, we use writing analytics to investigate differences between SE text responses resulting from individual versus collaborative learning activities. A Coh-Metrix analysis suggests that students in the collaborative SE activity demonstrated a higher level of comprehension. Future research should explore how writing analytics can be incorporated into CSCL systems to support student performance of SE activities.

Wireless Personal Area Network is widely used in day to day life. It might be a static or dynamic environment. As the density of the nodes increases it becomes difficult to handle the situation. The need of multiple sensor node technology in a desired environment without congestion is required. The use of autonomic network provides one such solution. The autonomicity combines the local automate and address agnostic features that controls the congestion resulting in improved throughput, fault tolerance and also with unicast and multicast packets delivery. The algorithm LA based ANA in a Bluetooth based dynamic environment provide 20% increase in throughput compared with LACAS based Wireless Sensor Network. The LA based ANA leads with 10% lesser fault tolerance levels and extended unicast and multi-cast packet delivery.

Wireless networking opens up many opportunities to facilitate miniaturized robots in collaborative tasks, while the openness of wireless medium exposes robots to the threats of Sybil attackers, who can break the fundamental trust assumption in robotic collaboration by forging a large number of fictitious robots. Recent advances advocate the adoption of bulky multi-antenna systems to passively obtain fine-grained physical layer signatures, rendering them unaffordable to miniaturized robots. To overcome this conundrum, this paper presents ScatterID, a lightweight system that attaches featherlight and batteryless backscatter tags to single-antenna robots to defend against Sybil attacks. Instead of passively "observing" signatures, ScatterID actively "manipulates" multipath propagation by using backscatter tags to intentionally create rich multipath features obtainable to a single-antenna robot. These features are used to construct a distinct profile to detect the real signal source, even when the attacker is mobile and power-scaling. We implement ScatterID on the iRobot Create platform and evaluate it in typical indoor and outdoor environments. The experimental results show that our system achieves a high AUROC of 0.988 and an overall accuracy of 96.4% for identity verification.

In this fifth generation of vehicular communication, the security against various malicious attacks are achieved by using malicious vehicles identification and trust management (MAT) algorithm. Basically, the proposed MAT algorithm performs in two dimensions, they are (i) Node trust and (ii) information trust accompanied with a digital signature and hash chain concept. In node trust, the MAT algorithm introduces the special form of key exchanging algorithm to every members of public group key, and later the vehicles with same target location are formed into cluster. The public group key is common for each participant but everyone maintain their own private key to produce the secret key. The proposed MAT algorithm, convert the secrete key into some unique form that allows the CMs (cluster members) to decipher that secrete key by utilizing their own private key. This key exchanging algorithm is useful to prevent the various attacks, like impersonate attack, man in middle attack, etc. In information trust, the MAT algorithm assigns some special nodes (it has common distance from both vehicles) for monitoring the message forwarding activities as well as routing behavior at particular time. This scheme is useful to predict an exact intruder and after time out the special node has dropped all the information. The proposed MAT algorithm accurately evaluates the trustworthiness of each node as well as information to control different attacks and become efficient for improving a group lifetime, stability of cluster, and vehicles that are located on their target place at correct time.

The IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) has been standardized to support IP over lossy networks. RPL (Routing Protocol for Low-Power and Lossy Networks) is the common routing protocol for 6LoWPAN. Among various attacks on RPL-based networks, the wormhole attack may cause severe network disruption and is one of the hardest to detect. We have designed and implemented in ContikiOS a wormhole detection technique for 6LoWPAN, that uses round-trip times and hop counts. In addition, the performance of this technique has been evaluated in terms of power, CPU, memory, and communication overhead.

IP geolocation technology is widely adopted in network security, privacy protection, online advertising, etc. However, existing IP geolocation methods are vulnerable to delay inflation, which reduces their reliability and applicability, especially in weakly connected networks. To solve this problem, a ranking nodes based IP geolocation method (RNBG) is proposed. RNBG leverages the scale-free nature of complex networks to find a few important and stable nodes in networks. And then these nodes are used in the geolocation of IPs in different regions. Experimental results in China and the US show that RNBG can achieve high accuracy even in weakly connected network. Compared with typical methods, the geolocation accuracy is increased by 2.60%-14.27%, up to 97.55%.

Due to the network topology high dynamic changes, the number of ground users and the impact of uneven traffic, the load difference between SDN-based satellite network controllers varies widely, which will cause network performance such as network delay and throughput to drop dramatically. Aiming at the above problems, a multi-controller optimized deployment strategy of satellite network based on SDN was proposed. First, the controller's load state is divided into four types: overload state, high load state, normal state, and idle state; second, when a controller in the network is idle, the switch under its jurisdiction is migrated to the adjacent low load controller and turn off the controller to reduce waste of resources. When the controller is in a high-load state and an overload state, consider both the controller and the switch, and migrate the high-load switch to the adjacent low-load controller. Balance the load between controllers, improve network performance, and improve network performance and network security. Simulation results show that the method has an average throughput improvement of 2.7% and a delay reduction of 3.1% compared with MCDALB and SDCLB methods.

In agriculture, farmers are the most important entity. For supporting farmers in increasing productivity and efficiency, the government offers subsidies, loans, insurances, and so on. This paper explores the usage of Blockchain technology for securing farmer's data in the Indian scenario. The farmer needs to register through the multiple official registration systems for availing different schemes and information provided by the country. The personnel and crop-based details of each farmer are collected at the time of registration. The filing also helps in providing better services to farmers like connecting farmers and traders to ensure a fair price for quality crops, advice to farmers of agricultural practices and location. In this paper, a blockchain-based farmer's data securing system is proposed to provide data provenance and transparency of the information entered in the system. While registering, the data is collected, and it is verified. A single verified record of farmers accessed by various government agriculture departments were designed using the Hyperledger fabric framework.

We propose a multipartite quantum communication network (QCN) based on surface codes (SCs). We describe how simultaneously to entangle multiple nodes in an arbitrary network topology by employing the SCs. We further describe how to extend the transmission distance between arbitrary two nodes by using the SCs as well. Finally, we describe how to operate the proposed QCN by employing the SDN concept.

Dynamic spectrum access (DSA) is a promising platform to solve the spectrum shortage problem, in which auction based mechanisms have been extensively studied due to good spectrum allocation efficiency and fairness. Recently, Sybil attacks were introduced in DSA, and Sybil-proof spectrum auction mechanisms have been proposed, which guarantee that each single secondary user (SU) cannot obtain a higher utility under more than one fictitious identities. However, existing Sybil-poof spectrum auction mechanisms achieve only Sybil-proofness for SUs, but not for primary users (PUs), and simulations show that a cheating PU in those mechanisms can obtain a higher utility by Sybil attacks. In this paper, we propose TSUNAMI, the first Truthful and primary user Sybil-proof aUctioN mechAnisM for onlIne spectrum allocation. Specifically, we compute the opportunity cost of each SU and screen out cost-efficient SUs to participate in spectrum allocation. In addition, we present a bid-independent sorting method and a sequential matching approach to achieve primary user Sybil-proofness and 2-D truthfulness, which means that each SU or PU can gain her maximal utility by bidding with her true valuation of spectrum. We evaluate the performance and validate the desired properties of our proposed mechanism through extensive simulations.

ARtect is an Augmented Reality application developed with Unity 3D, which envisions an educational interactive and immersive tool for architects, designers, researchers, and artists. This digital instrument renders the competency to visualize custom-made 3D models and 2D graphics in interior and exterior environments. The user-friendly interface offers an accurate insight before the materialization of any architectural project, enabling evaluation of the design proposal. This practice could be integrated into learning architectural design process, saving resources of printed drawings, and 3D carton models during several stages of spatial conception.

The new generation of digital services are natively conceived as an ordered set of Virtual Network Functions, deployed across boundaries and organizations. In this context, security threats, variable network conditions, computational and memory capabilities and software vulnerabilities may significantly weaken the whole service chain, thus making very difficult to combat the newest kinds of attacks. It is thus extremely important to conceive a flexible (and standard-compliant) framework able to attest the trustworthiness and the reliability of each single function of a Service Function Chain. At the time of this writing, and to the best of authors knowledge, the scientific literature addressed all of these problems almost separately. To bridge this gap, this paper proposes a novel methodology, properly tailored within the ETSI-NFV framework. From one side, Software-Defined Controllers continuously monitor the properties and the performance indicators taken from networking domains of each single Virtual Network Function available in the architecture. From another side, a high-level orchestrator combines, on demand, the suitable Virtual Network Functions into a Service Function Chain, based on the user requests, targeted security requirements, and measured reliability levels. The paper concludes by further explaining the functionalities of the proposed architecture through a use case.

Controller Area Network is the prominent communication protocol in automotive systems. Its salient features of arbitration, message filtering, error detection, data consistency and fault confinement provide robust and reliable architecture. Despite of this, it lacks security features and is vulnerable to many attacks. One of the common attacks over the CAN communication is the replay attack. It can happen even after the implementation of encryption or authentication. This paper proposes a methodology of supressing the replay attacks by implementing authenticated encryption embedded with timestamp and pre-shared initialisation vector as a primary key. The major advantage of this system is its flexibility and configurability nature where in each layer can be chosen with the help of cryptographic algorithms to up to the entire size of the keys.

DDoS attacks are the most commonly performed cyber-attacks with a motive to suspend the target services and making them unavailable to users. A recent attack on Github, explains that the traffic was traced back to ``over a thousand different autonomous systems across millions of unique endpoints''. Generally, there are various types of DDoS attacks and each attack uses a different protocol and attacker uses a botnet to execute such attacks. Hence, it will be very difficult for organizations to deal with these attacks and going for third parties to secure themselves from DDoS attacks. In order to eliminate the third parties. Our proposed system uses machine learning algorithms to identify the incoming packet is malicious or not and use Blockchain technology to store the Blacklist. The key benefit of Blockchain is that blacklisted IP addresses are effectively stored, and usage of such infrastructure provides an advantage of extra security mechanism over existing DDoS mitigation systems. This paper has evaluated three different algorithms, such as the KNN Classifier, the Decision Tree Classifier, Random Forest algorithm to find out the better classifying algorithm. Tree Based Classifier technique used for Feature Selection to boost the computational time. Out of the three algorithms, Random Forest provides an accuracy about 95 % in real-time traffic analysis.

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning clouds components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.