Biblio

Efficiency is essential to support responsiveness w.r.t. ever-growing datasets, especially for Deep Learning (DL) systems. DL frameworks have traditionally embraced deferred execution-style DL code that supports symbolic, graph-based Deep Neural Network (DNN) computation. While scalable, such development tends to produce DL code that is error-prone, non-intuitive, and difficult to debug. Consequently, more natural, less error-prone imperative DL frameworks encouraging eager execution have emerged at the expense of run-time performance. While hybrid approaches aim for the “best of both worlds,” the challenges in applying them in the real world are largely unknown. We conduct a data-driven analysis of challenges-and resultant bugs-involved in writing reliable yet performant imperative DL code by studying 250 open-source projects, consisting of 19.7 MLOC, along with 470 and 446 manually examined code patches and bug reports, respectively. The results indicate that hybridization: (i) is prone to API misuse, (ii) can result in performance degradation-the opposite of its intention, and (iii) has limited application due to execution mode incompatibility. We put forth several recommendations, best practices, and anti-patterns for effectively hybridizing imperative DL code, potentially benefiting DL practitioners, API designers, tool developers, and educators.

Open Source Software plays an important role in many software ecosystems. Whether in operating systems, network stacks, or as low-level system drivers, software we encounter daily is permeated with code contributions from open source projects. Decentralized development and open collaboration in open source projects introduce unique challenges: code submissions from unknown entities, limited personpower for commit or dependency reviews, and bringing new contributors up-to-date in projects’ best practices & processes.In 27 in-depth, semi-structured interviews with owners, maintainers, and contributors from a diverse set of open source projects, we investigate their security and trust practices. For this, we explore projects’ behind-the-scene processes, provided guidance & policies, as well as incident handling & encountered challenges. We find that our participants’ projects are highly diverse both in deployed security measures and trust processes, as well as their underlying motivations. Based on our findings, we discuss implications for the open source software ecosystem and how the research community can better support open source projects in trust and security considerations. Overall, we argue for supporting open source projects in ways that consider their individual strengths and limitations, especially in the case of smaller projects with low contributor numbers and limited access to resources.

This article analyzes Risk management (RM) activities against different ISO standards. The aim is to improve the coordination and interoperability of risk management activities in IT, IT services management, quality management, project management, and information security management. The ISO 31000: 2018 standard was chosen as a structured input for ISO 20000-1: 2018, ISO 21500: 2021, ISO 27000: 2018, ISO 9001: 2015 and ISO Annex SL standards relative to RM. The PDCA cycle has been chosen as one of the main methods for planning, implementing, and improving quality management systems and their processes. For a management system to be more effective, more reliable, and capable of preventing negative results, it must deal with the possible resulting risks.

An IDS is a system that helps in detecting any kind of doubtful activity on a computer network. It is capable of identifying suspicious activities at both the levels i.e. locally at the system level and in transit at the network level. Since, the system does not have its own dataset as a result it is inefficient in identifying unknown attacks. In order to overcome this inefficiency, we make use of ML. ML assists in analysing and categorizing attacks on diverse datasets. In this study, the efficacy of eight machine learning algorithms based on KDD CUP99 is assessed. Based on our implementation and analysis, amongst the eight Algorithms considered here, Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT) have the highest testing accuracy of which got SVM does have the highest accuracy

Virtual Private Networks (VPNs) have become a communication medium for accessing information, data exchange and flow of information. Many organizations require Intranet or VPN, for data access, access to servers from computers and sharing different types of data among their offices and users. A secure VPN environment is essential to the organizations to protect the information and their IT infrastructure and their assets. Every organization needs to protect their computer network environment from various malicious cyber threats. This paper presents a comprehensive network security management which includes significant strategies and protective measures during the management of a VPN in an organization. The paper also presents the procedures and necessary counter measures to preserve the security of VPN environment and also discussed few Identified Security Strategies and measures in VPN. It also briefs the Network Security and their Policies Management for implementation by covering security measures in firewall, visualized security profile, role of sandbox for securing network. In addition, a few identified security controls to strengthen the organizational security which are useful in designing a secure, efficient and scalable VPN environment, are also discussed.

Scanning Transmission Electron Microscopy (STEM) offers high-resolution images that are used to quantify the nanoscale atomic structure and composition of materials and biological specimens. In many cases, however, the resolution is limited by the electron beam damage, since in traditional STEM, a focused electron beam scans every location of the sample in a raster fashion. In this paper, we propose a scanning method based on the theory of Compressive Sensing (CS) and subsampling the electron probe locations using a line hop sampling scheme that significantly reduces the electron beam damage. We experimentally validate the feasibility of the proposed method by acquiring real CS-STEM data, and recovering images using a Bayesian dictionary learning approach. We support the proposed method by applying a series of masks to fully-sampled STEM data to simulate the expectation of real CS-STEM. Finally, we perform the real data experimental series using a constrained-dose budget to limit the impact of electron dose upon the results, by ensuring that the total electron count remains constant for each image.

In today's era, the smart grid is the carrier of the new energy technology revolution and a very critical development stage for grid intelligence. In the process of smart grid operation, maintenance and maintenance, many heterogeneous and polymorphic data can be formed, that is to say big data. This paper analyzes the power big data prediction technology for smart grid applications, and proposes practical application strategies In this paper, an in-depth analysis of the relationship between cloud computing and big data key technologies and smart grid is carried out, and an overview of the key technologies of electric power big data is carried out.

In order to prevent malicious environment, more and more applications use anti-sandbox technology to detect the running environment. Malware often uses this technology against analysis, which brings great difficulties to the analysis of applications. Research on anti-sandbox countermeasure technology based on application virtualization can solve such problems, but there is no good solution for sensor simulation. In order to prevent detection, most detection systems can only use real device sensors, which brings great hidden dangers to users’ privacy. Aiming at this problem, this paper proposes and implements a sensor anti-sandbox countermeasure technology for Android system. This technology uses the CNN-LSTM model to identify the activity of the real machine sensor data, and according to the recognition results, the real machine sensor data is classified and stored, and then an automatic data simulation algorithm is designed according to the stored data, and finally the simulation data is sent back by using the Hook technology for the application under test. The experimental results show that the method can effectively simulate the data characteristics of the acceleration sensor and prevent the triggering of anti-sandbox behaviors.

The distributed energy resources (DERs) have significantly stimulated the development of decentralized energy system and changed the way how the energy system works. In recent years, peer-to-peer (P2P) trading has drawn attention as a promising alternative for prosumers to engage with the energy market more actively, particular by using the emerging blockchain technology. Blockchain can securely hold critical information and store data in blocks linking with chain, providing a desired platform for the P2P energy trading. This paper provides a detailed description of blockchain-enabled P2P energy trading, its essential components, and how it can be implemented within the local energy market An analysis of potential threats during blockchain-enabled P2P energy trading is also performed, which subsequently results in a list of operation and privacy requirements suggested to be implemented in the local energy market.

Cooperative Intelligent Transportation System (CITS) has been introduced recently to increase road safety, traffic efficiency, and to enable various infotainment and comfort applications and services. To this end, a bunch technologies have been deployed to maintain and promote ITS. In essence, ITS is composed of vehicles, roadside infrastructure, and the environment that includes pedestrians, and other entities. Recently, several solutions were suggested to handle with the challenges faced by the vehicular networks (VN) using future internet architectures. One of the promising solutions proposed recently is Vehicular Fog computing (VFC), an attractive solution that supports sensitive service requests considering factors such as latency, mobility, localization, and scalability. VFC also provides a virtual platform for real-time big data analytic using servers or vehicles as a fog infrastructure. This paper surveys the general fog computing (FC) concept, the VFC architectures, and the key characteristics of several intelligent computing applications. We mainly focus on trust and security challenges in VFC deployment and real-time BD analytic in vehicular environment. We identify the faced challenges and future research directions in VFC and we highlight the research gap that can be exploited by researchers and vehicular manufactures while designing a new secure VFC architecture.

Connected Autonomous Vehicle (CAV) applications have shown the promise of transformative impact on road safety, transportation experience, and sustainability. However, they open large and complex attack surfaces: an adversary can corrupt sensory and communication inputs with catastrophic results. A key challenge in development of security solutions for CAV applications is the lack of effective infrastructure for evaluating such solutions. In this paper, we address the problem by designing an automated, flexible evaluation infrastructure for CAV security solutions. Our tool, CAVELIER, provides an extensible evaluation architecture for CAV security solutions against compromised communication and sensor channels. The tool can be customized for a variety of CAV applications and to target diverse usage models. We illustrate the framework with a number of case studies for security resiliency evaluation in Cooperative Adaptive Cruise Control (CACC).

An approach to substantiating the choice of a discipline for the maintenance of a redundant computer system, with the possible use of node resources saved after failures, is considered. The choice is aimed at improving the reliability and profitability of the system, taking into account the operational costs of restoring nodes. Models of reliability of systems with service disciplines are proposed, providing both the possibility of immediate recovery of nodes after failures, and allowing degradation of the system when using node resources stored after failures in it. The models take into account the conditions of the admissibility or inadmissibility of the loss of information accumulated during the operation of the system. The operating costs are determined, taking into account the costs of restoring nodes for the system maintenance disciplines under consideration

The WSN nodes are arranged uniformly or randomly on the area of need for gathering the required data. The admin utilizes wireless broadband networks to connect to the Internet and acquire the required data from the base station (BS). However, these sensor nodes play a significant role in a variety of professional and industrial domains, but some of the concerns stop the growth of WSN, such as memory, transmission, battery power and processing power. The most significant issue with these restrictions is to increase the energy efficiency for WSN with rapid and trustworthy data transfer. In this designed model, the sensor nodes are clustered using the FCM (Fuzzy C-Means) clustering algorithm with the Reptile Search Optimization (RSO) for finding the centre of the cluster. The cluster head is determined by using African vulture optimization (AVO). For selecting the path of data transmission from the cluster head to the base station, the adaptive relay nodes are selected using the Fuzzy rule. These data from the base station are given to the server with a DNA cryptography encryption algorithm for secure data transmission. The performance of the designed model is evaluated with specific parameters such as average residual energy, throughput, end-to-end delay, information loss and execution time for a secure and energy-efficient routing protocol. These evaluated values for the proposed model are 0.91 %, 1.17Mbps, 1.76 ms, 0.14 % and 0.225 s respectively. Thus, the resultant values of the proposed model show that the designed clustering-based routing protocol using FCM-RSOA and DNA cryptography for smart building performs better compared to the existing techniques.

MCI patients can be benefited from cognitive training programs to improve their cognitive capabilities or delay the decline of cognition. This paper evaluated three types of commonly seen categories of cognitive training programs (non-computerized / traditional cognitive training (TCT), computerized cognitive training (CCT), and virtual/augmented reality cognitive training (VR/AR CT)) based on six aspects: stimulation strength, user-friendliness, expandability, customizability/personalization, convenience, and motivation/atmosphere. In addition, recent applications of each type of CT were offered. Finally, a conclusion in which no single CT outperformed the others was derived, and the most applicable scenario of each type of CT was also provided.

Conversational Intelligent Tutoring Systems (CITS) in learning environments are capable of providing personalized instruction to students in different domains, to improve the learning process. This interaction between the Intelligent Tutoring System (ITS) and the user is carried out through dialogues in natural language. In this study, we use an open source framework called Rasa to adapt the original button-based user interface of an algebraic/arithmetic word problem-solving ITS to one based primarily on the use of natural language. We conducted an empirical study showing that once properly trained, our conversational agent was able to recognize the intent related to the content of the student’s message with an average accuracy above 0.95.

The modern networking world is being exposed to many risks more frequently every day. Most of systems strongly rely on remaining anonymous throughout the whole endpoint exploitation process. Covert channels represent risk since they ex-ploit legitimate communications and network protocols to evade typical filtering. This firewall avoidance sees covert channels frequently used for malicious communication of intruders with systems they compromised, and thus a real threat to network security. While there are commercial tools to safeguard computer networks, novel applications such as automotive connectivity and V2X present new challenges. This paper focuses on the analysis of the recent ways of using covert channels and detecting them, but also on the state-of-the-art possibilities of protection against them. We investigate observing the timing covert channels behavior simulated via injected ICMP traffic into standard network communications. Most importantly, we concentrate on enhancing firewall with detection and prevention of such attack built-in features. The main contribution of the paper is design for detection timing covert channel threats utilizing detection methods based on statistical analysis. These detection methods are combined and implemented in one program as a simple host-based intrusion detection system (HIDS). As a result, the proposed design can analyze and detect timing covert channels, with the addition of taking preventive measures to block any future attempts to breach the security of an end device.

Automatic Identification System (AIS) plays a leading role in maritime navigation, traffic control, local and global maritime situational awareness. Today, the reliable and secure AIS operation is threatened by probable cyber attacks such as imitation of ghost vessels, false distress or security messages, or fake virtual aids-to-navigation. We propose a method for ensuring the authentication and integrity of AIS messages based on the use of the Message Authentication Code scheme and digital watermarking (WM) technology to organize an additional tag transmission channel. The method provides full compatibility with the existing AIS functionality.

Controller Area Network with Flexible Data-rate(CAN FD) has the advantages of high bandwidth and data field length to meet the higher communication requirements of parallel in-vehicle applications. If the CAN FD lacking the authentication security mechanism is used, it is easy to make it suffer from masquerade attack. Therefore, a two-stage method based on message authentication is proposed to enhance the security of it. In the first stage, an anti-exhaustive message exchange and comparison algorithm is proposed. After exchanging the message comparison sequence, the lower bound of the vehicle application and redundant message space is obtained. In the second stage, an enhanced round accumulation algorithm is proposed to enhance security, which adds Message Authentication Codes(MACs) to the redundant message space in a way of fewer accumulation rounds. Experimental examples show that the proposed two-stage approach enables both small-scale and large-scale parallel in-vehicle applications security to be enhanced. Among them, in the Adaptive Cruise Control Application(ACCA), when the laxity interval is 1300μs, the total increased MACs is as high as 388Bit, and the accumulation rounds is as low as 40 rounds.

A considerable portion of computing power is always required to perform symbolic calculations. The reliability and effectiveness of algorithms are two of the most significant challenges observed in the field of scientific computing. The terms “feasible calculations” and “feasible computations” refer to the same idea: the algorithms that are reliable and effective despite practical constraints. This research study intends to investigate different types of computing and modelling challenges, as well as the development of efficient integration methods by considering the challenges before generating the accurate results. Further, this study investigates various forms of errors that occur in the process of data integration. The proposed framework is based on automata, which provides the ability to investigate a wide-variety of distinct distance-bounding protocols. The proposed framework is not only possible to produce computational (in)security proofs, but also includes an extensive investigation on different issues such as optimal space complexity trade-offs. The proposed framework in embedded with the already established symbolic framework in order to get a deeper understanding of distance-bound security. It is now possible to guarantee a certain level of physical proximity without having to continually mimic either time or distance.

Although 6LoWPAN has brought about a revolutionary leap in networking for Low-power Lossy Networks, challenges still exist, including security concerns that are yet to answer. The most common type of attack on 6LoWPANs is the network layer, especially routing attacks, since the very members of a 6LoWPAN network have to carry out packet forwarding for the whole network. According to the initial purpose of IoT, these nodes are expected to be resource-deficient electronic devices with an utterly stochastic time pattern of attachment or detachment from a network. This issue makes preserving their authenticity or identifying their malignity hard, if not impossible. Since 6LoWPAN is a successor and a hybrid of previously developed wireless technologies, it is inherently prone to cyber-attacks shared with its predecessors, especially Wireless Sensor Networks (WSNs) and WPANs. On the other hand, multiple attacks have been uniquely developed for 6LoWPANs due to the unique design of the network layer protocol of 6LoWPANs known as RPL. While there exist publications about attacks on 6LoWPANs, a comprehensive survey exclusively on RPL-specific attacks is felt missing to bold the discrimination between the RPL-specific and non-specific attacks. Hence, the urge behind this paper is to gather all known attacks unique to RPL in a single volume.

The object of the research is distributed software-defined storage systems, as well as methods of caching disk devices. It is important for improving the performance of storage systems, which is relevant in modern conditions. In this article, an assessment of the possibility of improving performance through the use of various caching methods is made, as well as experimental research and analysis of the results obtained. The parameters of the application's operation with the disk subsystem have been determined. The results of experiments are presented - testing was carried out on a deployed architecture of a distributed storage with two types of caching, the results are combined in graphs. Conclusions are drawn, including on the prospects for further research.

Named Data Networking, a future internet network architecture design that can change the network's perspective from previously host-centric to data-centric. It can reduce the network load, especially on the server part, and can provide advantages in multicast cases or re-sending of content data to users due to transmission errors. In NDN, interest messages are sent to the router, and if they are not immediately found, they will continue to be forwarded, resulting in a large load. NDNS or a DNS-Like Name Service for NDN is needed to know exactly where the content is to improve system performance. NDNS is a database that provides information about the zone location of the data contained in the network. In this study, a simulation was conducted to test the NDNS mechanism on the NDN network to support caching on the NDN network by testing various topologies with changes in the size of the content store and the number of nodes used. NDNS is outperform compared to NDN without NDNS for cache hit ratio and load parameters.

In this paper, we show that caching can aid in achieving secure communications by considering a wiretap scenario where the transmitter and legitimate receiver share access to a secure cache, and an eavesdropper is able to tap transmissions over a binary erasure wiretap channel during the delivery phase of a caching protocol. The scenario under consideration gives rise to a new channel model for wiretap coding that allows the transmitter to effectively choose a subset of bits to erase at the eavesdropper by caching the bits ahead of time. The eavesdropper observes the remainder of the coded bits through the wiretap channel for the general case. In the wiretap type-II scenario, the eavesdropper is able to choose a set of revealed bits only from the subset of bits not cached. We present a coding approach that allows efficient use of the cache to realize a caching gain in the network, and show how to use the cache to optimize the information theoretic security in the choice of a finite blocklength code and the choice of the cached bit set. To our knowledge, this is the first work on explicit algorithms for secrecy coding in any type of caching network.

The Controller Area Network (CAN) bus is the de-facto standard for connecting the Electronic Control Units (ECUs) in automobiles. However, there are serious cyber-security risks due to the lack of security mechanisms. In order to mine the vulnerabilities in CAN bus, this paper proposes CAN-FT, a fuzz testing method for automotive CAN bus, which uses a Generative Adversarial Network (GAN) based fuzzy message generation algorithm and the Adaptive Boosting (AdaBoost) based anomaly detection mechanism to capture the abnormal states of CAN bus. Experimental results on a real-world vehicle show that CAN-FT can find vulnerabilities more efficiently and comprehensively.

Capability machines such as CHERI provide memory capabilities that can be used by compilers to provide security benefits for compiled code (e.g., memory safety). The existing C to CHERI compiler, for example, achieves memory safety by following a principle called “pointers as capabilities” (PAC). Informally, PAC says that a compiler should represent a source language pointer as a machine code capability. But the security properties of PAC compilers are not yet well understood. We show that memory safety is only one aspect, and that PAC compilers can provide significant additional security guarantees for partial programs: the compiler can provide security guarantees for a compilation unit, even if that compilation unit is later linked to attacker-provided machine code.As such, this paper is the first to study the security of PAC compilers for partial programs formally. We prove for a model of such a compiler that it is fully abstract. The proof uses a novel proof technique (dubbed TrICL, read trickle), which should be of broad interest because it reuses the whole-program compiler correctness relation for full abstraction, thus saving work. We also implement our scheme for C on CHERI, show that we can compile legacy C code with minimal changes, and show that the performance overhead of compiled code is roughly proportional to the number of cross-compilation-unit function calls.