Biblio

The phenomenon known as "Internet ossification" describes the process through which certain components of the Internet’s older design have become immovable at the present time. This presents considerable challenges to the adoption of IPv6 and makes it hard to implement IP multicast services. For new applications such as data centers, cloud computing and virtualized networks, improved network availability, improved internal and external domain routing, and seamless user connectivity throughout the network are some of the advantages of Internet growth. To meet these needs, we've developed Software Defined Networking for the Future Internet (SDN). When compared to current networks, this new paradigm emphasizes control plane separation from network-forwarding components. To put it another way, this decoupling enables the installation of control plane software (such as Open Flow controller) on computer platforms that are substantially more powerful than traditional network equipment (such as switches/routers). This research describes Mininet’s routing techniques for a virtualized software-defined network. There are two obstacles to overcome when attempting to integrate SDN in an LTE/WiFi network. The first problem is that external network load monitoring tools must be used to measure QoS settings. Because of the increased demand for real-time load balancing methods, service providers cannot adopt QoS-based routing. In order to overcome these issues, this research suggests a router configuration method. Experiments have proved that the network coefficient matrix routing arrangement works, therefore it may provide an answer to the above-mentioned concerns. The Java-based SDN controller outperforms traditional routing systems by nine times on average highest sign to sound ratio. The study’s final finding suggests that the field’s future can be forecast. We must have a thorough understanding of this emerging paradigm to solve numerous difficulties, such as creating the Future Internet and dealing with its obliteration problem. In order to address these issues, we will first examine current technologies and a wide range of current and future SDN projects before delving into the most important issues in this field in depth.

With the development of urbanization, the number of vehicles is gradually increasing, and vehicles are gradually developing in the direction of intelligence. How to ensure that the data of intelligent vehicles is not tampered in the process of transmission to the cloud is the key problem of current research. Therefore, we have established a data security transmission system based on blockchain. First, we collect and filter vehicle data locally, and then use blockchain technology to transmit key data. Through the smart contract, the key data is automatically and accurately transmitted to the surrounding node vehicles, and the vehicles transmit data to each other to form a transaction and spread to the whole network. The node data is verified through the node data consensus protocol of intelligent vehicle data security transmission system, and written into the block to form a blockchain. Finally, the vehicle user can query the transaction record through the vehicle address. The results show that we can safely and accurately transmit and query vehicle data in the blockchain database.

The Internet of Things poses some of the biggest security challenges in the present day. Companies, users and infrastructures are constantly under attack by malicious actors. Increasingly, attacks are being launched by hacking into one vulnerable device and hence disabling entire networks resulting in great loss. A strong identity management framework can help better protect these devices by issuing a unique identity and managing the same through its lifecycle. Identity of Things (IDoT) is a term that has been used to describe the importance of device identities in IoT networks. Since the traditional identity and access management (IAM) solutions are inadequate in managing identities for IoT, the Identity of Things (IDoT) is emerging as the solution for issuance of Identities to every type of device within the IoT IAM infrastructure. This paper presents the survey of recent research works proposed in the area of device identities and various commercial solutions offered by organizations specializing in IoT device security.

Traditional side-channel attacks have shortcomings such as low efficiency, extremely difficult collection and injection of fault information in real environments, and poor applicability of attacks. The cache timing attack proposed in recent years is a new type of side-channel attack method. This attack method uses the difference in the reading speed of the computer CPU cache to enable the attacker to obtain the confidential information during the execution of the algorithm. The attack efficiency is high, and the cost is relatively low. little. Present algorithm is a lightweight block cipher proposed in 2007. The algorithm has excellent hardware implementation and concise round function design. On this basis, scholars at home and abroad have carried out different side-channel attacks on it, such as differential attacks., multiple differential chain attacks, algebraic attacks, etc. At present, there is no published research on the Cache timing attack against the Present algorithm at home and abroad. In this paper, the output value of the S box in the first and second rounds of the encryption process is obtained through the combination of the Cache timing attack and the side-channel Trojan horse, and Combined with the key recovery algorithm, the master key of the algorithm is finally recovered.

It is proposed to address existing methodological issues in the educational process with the development of intellectual technologies and knowledge representation systems to improve the efficiency of higher education institutions. For this purpose, the structure of relational database is proposed, it will store the information about defended dissertations in the form of a set of attributes (heuristics), representing the mandatory qualification attributes of theses. An inference algorithm is proposed to process the information. This algorithm represents an artificial intelligence, its work is aimed at generating queries based on the applicant preferences. The result of the algorithm's work will be a set of choices, presented in ranked order. Given technologies will allow applicants to quickly become familiar with known scientific results and serve as a starting point for new research. The demand for co-researcher practice in solving the problem of updating the projective thinking methodology and managing the scientific research process has been justified. This article pays attention to the existing parallels between the concepts of technical and human sciences in the framework of their convergence. The concepts of being (economic good and economic utility) and the concepts of consciousness (humanitarian economic good and humanitarian economic utility) are used to form projective thinking. They form direct and inverse correspondences of technology and humanitarian practice in the techno-humanitarian mathematical space. It is proposed to place processed information from the language of context-free formal grammar dissertation abstracts in this space. The principle of data manipulation based on formal languages with context-free grammar allows to create new structures of subject areas in terms of applicants' preferences.It is believed that the success of applicants’ work depends directly on the cognitive training of applicants, which needs to be practiced psychologically. This practice is based on deepening the objectivity and adequacy qualities of obtaining information on the basis of heuristic methods. It requires increased attention and development of intelligence. The paper studies the use of heuristic methods by applicants to find new research directions leads to several promising results. These results can be perceived as potential options in future research. This contributes to an increase in the level of retention of higher education professionals.

In construction machinery, connectivity delivers higher advantages in terms of higher productivity, lower costs, and most importantly safer work environment. As the machinery grows more dependent on internet-connected technologies, data security and product cybersecurity become more critical than ever. These machines have more cyber risks compared to other automotive segments since there are more complexities in software, larger after-market options, use more standardized SAE J1939 protocol, and connectivity through long-distance wireless communication channels (LTE interfaces for fleet management systems). Construction machinery also operates throughout the day, which means connected and monitored endlessly. Till today, construction machinery manufacturers are investigating the product cybersecurity challenges in threat monitoring, security testing, and establishing security governance and policies. There are limited security testing methodologies on SAE J1939 CAN protocols. There are several testing frameworks proposed for fuzz testing CAN networks according to [1]. This paper proposes security testing methods (Fuzzing, Pen testing) for in-vehicle communication protocols in construction machinery.

One of the significant difficulties in network safety is the arrangement of a mechanized and viable digital danger's location strategy. This paper presents an AI procedure for digital dangers recognition, in light of fake neural organizations. The proposed procedure changes large number of gathered security occasions over to singular occasion profiles and utilize a profound learning-based discovery strategy for upgraded digital danger identification. This research work develops an AI-SIEM framework dependent on a blend of occasion profiling for information preprocessing and distinctive counterfeit neural organization techniques by including FCNN, CNN, and LSTM. The framework centers around separating between obvious positive and bogus positive cautions, consequently causing security examiners to quickly react to digital dangers. All trials in this investigation are performed by creators utilizing two benchmark datasets (NSLKDD and CICIDS2017) and two datasets gathered in reality. To assess the presentation correlation with existing techniques, tests are carried out by utilizing the five ordinary AI strategies (SVM, k-NN, RF, NB, and DT). Therefore, the exploratory aftereffects of this examination guarantee that our proposed techniques are fit for being utilized as learning-based models for network interruption discovery and show that despite the fact that it is utilized in reality, the exhibition beats the traditional AI strategies.

Nowadays security of shared resources and big data is an important and critical issue. With the growth of information technology and social networks, data and resources are shared in the distributed environment such as cloud and fog computing. Various access control models protect the shared resources from unauthorized users or malicious intruders. Despite the attribute-based access control model that meets the complex security requirement of todays' new computing technologies, considerable anomalies and conflicts in ABAC policies affect the efficiency of the security system. One important and toughest task is policy validation thus to detect and eliminate anomalies and conflicts in policies. Though the previous researches identified anomalies, failed to detect and analyze all considerable anomalies that results vulnerable to hacks and attacks. The primary objective of this paper is to study and analyze the possible anomalies and conflicts in ABAC security policies. We have discussed and analyzed considerable conflicts in policies based on previous researches. This paper can provide a detailed review of anomalies and conflicts in security policies.

Network Address Translation (NAT) is an address remapping technique placed at the borders of stub domains. It is present in almost all routers and CPEs. Most NAT devices implement Port Address Translation (PAT), which allows the mapping of multiple private IP addresses to one public IP address. Based on port number information, PAT matches the incoming traffic to the corresponding "hidden" client. In an enterprise context, and with the proliferation of unauthorized wired and wireless NAT routers, NAT can be used for re-distributing an Intranet or Internet connection or for deploying hidden devices that are not visible to the enterprise IT or under its oversight, thus causing a problem known as shadow IT. Thus, it is important to detect NAT devices in an intranet to prevent this particular problem. Previous methods in identifying NAT behavior were based on features extracted from traffic traces per flow. In this paper, we propose a method to identify NAT devices using a machine learning approach from aggregated flow features. The approach uses multiple statistical features in addition to source and destination IPs and port numbers, extracted from passively collected traffic data. We also use aggregated features extracted within multiple window sizes and feed them to a machine learning classifier to study the effect of timing on NAT detection. Our approach works completely passively and achieves an accuracy of 96.9% when all features are utilized.

Routing protocol for low power and lossy networks (RPL) is a fundamental routing protocol of 6LoWPAN, a centre correspondence standard for the Internet of Things. RPL outplay other wireless sensor and ad hoc routing protocols in the aspect of service (QoS), device management, and energy-saving performance. The Rank definition in RPL addresses several issues, such as path optimization, loop avoidance, and power overhead management. RPL rank and version number attacks are two types of the most common forms of RPL attacks, may have crucial ramification for RPL networks. The research directed upon these attacks includes considerable vulnerabilities and efficiency issues. The rank attack on sensor networks is perhaps the utmost common, posing a challenge to network connectivity by falling data or disrupting routing routes. This work presents a rank attack detection system focusing on RPL. Considering many of such issues a method has been proposed using spatial correlation function (SCF) and Dijkstra's algorithm considering parameters like energy and throughput.

Aiming at ensure the security and self-control of heterogeneous alliance network, this paper proposes a novel structure of identity authentication based on domestic commercial cryptography with blockchain in the heterogeneous alliance network. The domestic commercial cryptography, such as SM2, SM3, SM4, SM9 and ZUC, is adopted to solve the encryption, decryption, signature and verification of blockchain, whose key steps of data layer are solved by using domestic commercial cryptographic algorithms. In addition, it is the distributed way to produce the public key and private key for the security of the keys. Therefore, the cross domain identity authentication in the heterogeneous alliance network can be executed safely and effectively.

With meteoric advancement in quantum computing, the traditional data integrity verifying schemes are no longer safe for cloud data storage. A large number of the current techniques are dependent on expensive Public Key Infrastructure (PKI). They cost computationally and communicationally heavy for verification which do not stand with the advantages when quantum computing techniques are applied. Hence, a quantum safe and efficient integrity verification protocol is a research hotspot. Lattice-based signature constructions involve matrix-matrix or matrix vector multiplications making computation competent, simple and resistant to quantum computer attacks. Study in this paper uses Bloom Filter which offers high efficiency in query and search operations. Further, we propose an Identity-Based Integrity Verification (IBIV) protocol for cloud storage from Lattice and Bloom filter. We focus on security against attacks from Cloud Service Provider (CSP), data privacy attacks against Third Party Auditor (TPA) and improvement in efficiency.

Intrusion Detection System (IDS) is a system that could detect suspicious activity in a network. Two approaches are known for IDS, namely signature-based and anomaly-based. The anomaly-based detection method was chosen to detect suspicious and abnormal activity for the system that cannot be performed by the signature-based method. In this study, attack testing was carried out using three DoS tools, namely the LOIC, Torshammer, and Xerxes tools, with a test scenario using IDS and without IDS. From the test results that have been carried out, IDS has successfully detected the attacks that were sent, for the delivery of the most consecutive attack packages, namely Torshammer, Xerxes, and LOIC. In the detection of Torshammer attack tools on the target FTP Server, 9421 packages were obtained, for Xerxes tools as many as 10618 packages and LOIC tools as many as 6115 packages. Meanwhile, attacks on the target Web Server for Torshammer tools were 299 packages, for Xerxes tools as many as 530 packages, and for LOIC tools as many as 103 packages. The accuracy of the IDS performance results is 88.66%, the precision is 88.58% and the false positive rate is 63.17%.

With tons of efforts spent on its mitigation, Cross-site scripting (XSS) remains one of the most prevalent security threats on the internet. Decades of exploitation and remediation demonstrated that code inspection and testing alone does not eliminate XSS vulnerabilities in complex web applications with a high degree of confidence. This paper introduces Google's secure-by-design engineering paradigm that effectively prevents DOM-based XSS vulnerabilities in large-scale web development. Our approach, named API hardening, enforces a series of company-wide secure coding practices. We provide a set of secure APIs to replace native DOM APIs that are prone to XSS vulnerabilities. Through a combination of type contracts and appropriate validation and escaping, the secure APIs ensure that applications based thereon are free of XSS vulnerabilities. We deploy a simple yet capable compile-time checker to guarantee that developers exclusively use our hardened APIs to interact with the DOM. We make various of efforts to scale this approach to tens of thousands of engineers without significant productivity impact. By offering rigorous tooling and consultant support, we help developers adopt the secure coding practices as seamlessly as possible. We present empirical results showing how API hardening has helped reduce the occurrences of XSS vulnerabilities in Google's enormous code base over the course of two-year deployment.

Nowadays, video surveillance cameras are widely used in many smart city applications for ensuring road safety. We can use video data from them to solve such tasks as traffic management, driving control, environmental monitoring, etc. Most of these applications are based on object recognition and tracking algorithms. However, the video image quality is not always meet the requirements of such algorithms due to the influence of different external factors. A variety of adverse weather conditions produce noise on the images, which often makes it difficult to detect objects correctly. Lately, deep learning methods show good results in image processing, including denoising tasks. This work is devoted to the study of using these methods for image quality enhancement in difficult weather conditions such as snow, rain, fog. Different deep learning techniques were evaluated in terms of their impact on the quality of object detection/recognition. Finally, the system for automatic image denoising was developed.

There have been developed image encryption algorithm using chaotic map and DNA pseudo-symbols sequence gained on the basis of real DNA symbols. In the suggested algorithm, the address for the selecting of DNA symbols sequence from Gene Bank, encoding rule of the DNA symbols, also the initial parameters of the chaotic map are determined on the secret key basis. Image pixels modification is based on the numerical values of the chaotic points sets coordinates obtained with the chaos play description of the DNA pseudo-symbols and the transference of pixels is based on displacement table constructed with the chaotic map.

An image hiding algorithm based on bit plane and two-dimensional code is proposed in this paper. The main characteristic of information hiding is to use the information redundant data of the existing image, to embed the information into these redundant data by the information hiding algorithm, or to partially replace redundant information with information to be embedded to achieve a visual invisible purpose. We first analyze the color index usage frequency of the block index matrix in the algorithm, and calculate the distance between the color of the block index matrix with only one color and the other color in the palette that is closest to the color. Then, the QR model and the compression model are applied to improve the efficiency. We compare the proposed model with the stateof-the-art models.

Image style transfer refers to the transformation of the style of image, so that the image details are retained to the maximum extent while the style is transferred. Aiming at the problem of low clarity of style transfer images generated by CycleGAN network, this paper improves the CycleGAN network. In this paper, the network model of auto-encoder and variational auto-encoder is added to the structure. The encoding part of the auto-encoder is used to extract image content features, and the variational auto-encoder is used to extract style features. At the same time, the generating network of the model in this paper uses first to adjust the image size and then perform the convolution operation to replace the traditional deconvolution operation. The discriminating network uses a multi-scale discriminator to force the samples generated by the generating network to be more realistic and approximate the target image, so as to improve the effect of image style transfer.

Using Generative Adversarial Networks (GAN) to translate images is a significant field in computer vision. There are partial distortion, artifacts and detail loss in the images generated by current image translation algorithms. In order to solve this problem, this paper adds attention-based residual neural network to the generator of GAN. Attention-based residual neural network can improve the representation ability of the generator by weighting the channels of the feature map. Experiment results on the Facades dataset show that Attention Residual GAN can translate images with excellent quality.

This research presented a digital watermarking scheme using multi-level authentication for protecting QR code images in order to provide security and authenticity. This research focuses on the improved digital watermarking scheme for QR code security that can protect the confidentiality of the information stored in QR code images from the public. Information modification, malicious attack, and copyright violation may occur due to weak security and disclosure pattern of QR code. Digital watermarking can be a solution to reduce QR code imitation and increase QR code security and authenticity. The objectives of this research are to provide QR code image authentication and security, tamper localization, and recovery scheme on QR code images. This research proposed digital watermarking for QR code images based on multi-level authentication with Least Significant Bit (LSB) and SHA-256 hash function. The embedding and extracting watermark utilized region of Interest (ROI) and Region of Non-Interest (RONI) in the spatial domain for improving the depth and width of QR code application in the anti-counterfeiting field. The experiments tested the reversibility and robustness of the proposed scheme after a tempered watermarked QR code image. The experimental results show that the proposed scheme provides multi-level security, withstands tampered attacks and it provided high imperceptibility of QR code image.

Conversational agents (CAs) have been widely adopted for various purposes, ranging from personal assistants to health information providers. While the research on CAs is growing rapidly, less attention is paid to CAs in virtual reality (VR) environments with respect to how the design of these agents influences their trustworthiness as perceived by users, which is key to the adoption and use of VR products featuring CAs. Accordingly, this position paper conceptualizes an immersive model of user trust in CAs in VR. The model is centered around users’ sense of co-presence with CAs in VR, which is influenced by the agents’ embodiment, expressiveness, and responsiveness.

This paper investigates the impact of the delay resulting from a blockchain, a promising security measure, for a hierarchical control system of inverters connected to the grid. The blockchain communication network is designed at the secondary control layer for resilience against cyberattacks. To represent the latency in the communication channel, a model is developed based on the complexity of the blockchain framework. Taking this model into account, this work evaluates the plant’s performance subject to communication delays, introduced by the blockchain, among the hierarchical control agents. In addition, this article considers an optimal model-based control strategy that performs the system’s internal control loop. The work shows that the blockchain’s delay size influences the convergence of the power supplied by the inverter to the reference at the point of common coupling. In the results section, real-time simulations on OPAL-RT are performed to test the resilience of two parallel inverters with increasing blockchain complexity.

Wireless sensor networks (WSNs) have gained increasing popularity in ubiquitous support of sensing system services. Often, WSNs are energy-constrained and they are deployed in harsh and unattended environments. Consequently, WSNs are vulnerable to energy and environmental factors. To ensure secure and reliable operations in safety-critical monitoring WSNs, it is important to guarantee energy-efficient communications, location privacy protection, and reliability. Fake packet-based source location privacy (SLP) protocols are known to be energy-inefficient. Therefore, in this study, we investigate the impact of energy-inefficient communications on the privacy performance of the fake packet-based SLP protocols. Experiment results show that the protocols achieve short-term and less reliable SLP protection.

The Internet of Vehicles (IoV) is a network that considers vehicles as intelligent machines. They interact and communicate with each other to improve the performance and safety of traffic. IoV solves certain problems, but it has some issues such as response time, which prompted researchers to propose the integration of Fog Computing into vehicular networks. In Vehicular Fog Computing (VFC), the services are provided at the edge of the network to increase data rate and reduce response time. However, in order to satisfy network users, the security and privacy of sensitive data should be guaranteed. Using pseudonyms instead of real identities is one of the techniques considered to preserve the privacy of users, however, this can push malicious vehicles to exploit such a process and launch the Sybil attack by creating several pseudonyms in order to perform various malicious activities. In this paper, we describe the Sybil attack effects on VFC networks and compare them to those in conventional networks, as well as identify the various existing methods for detecting this attack and determine if they are applicable to VFC networks.

Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.