Biblio

The error-resiliency of Artificial Intelligence (AI) hardware accelerators is a major concern, especially when they are deployed in mission-critical and safety-critical applications. In this paper, we propose a neuron fault tolerance strategy for Spiking Neural Networks (SNNs). It is optimized for low area and power overhead by leveraging observations made from a large-scale fault injection experiment that pinpoints the critical fault types and locations. We describe the fault modeling approach, the fault injection framework, the results of the fault injection experiment, the fault-tolerance strategy, and the fault-tolerant SNN architecture. The idea is demonstrated on two SNNs that we designed for two SNN-oriented datasets, namely the N-MNIST and IBM's DVS128 gesture datasets.

The spread of Internet of Things (IoT) devices and high-speed communications, such as 5G, makes their services rich and diverse. Therefore, it is desirable to perform functions of rich services transparently and use edge computing environments flexibly at intermediate locations on the Internet, from the perspective of a network system. When this type of edge computing environment is achieved, IoT nodes as end devices of the Internet can fully utilize edge computing systems and cloud systems without any change, such as switching destination IP addresses between them, along with protocol maintenance for the switching. However, when the data transfer in the communication is encrypted, a decryption method is necessary at the edge, to realize these transparent edge services. In this study, a transparent common key-exchanging method with cloud service has been proposed as the destination node of a communication pair, to transparently decrypt a secure sockets layer-encrypted communication stream at the edge area. This enables end devices to be free from any changes and updates to communicate with the destination node.

In his Executive Order (EO) on Improving the Nation’s Cybersecurity, President Biden identified the prevention, detection, assessment and remediation of cyber incidents as a top priority of his Administration. The Commerce Department and NTIA were directed by the EO to publish the minimum elements for a Software Bill of Materials (SBOM), a key tool to help create a more transparent and secure software supply chain. As the President notes, “the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is.”

Due to the wide deployment of deep learning applications in safety-critical systems, robust and secure execution of deep learning workloads is imperative. Adversarial examples, where the inputs are carefully designed to mislead the machine learning model is among the most challenging attacks to detect and defeat. The most dominant approach for defending against adversarial examples is to systematically create a network architecture that is sufficiently robust. Neural Architecture Search (NAS) has been heavily used as the de facto approach to design robust neural network models, by using the accuracy of detecting adversarial examples as a key metric of the neural network's robustness. While NAS has been proven effective in improving the robustness (and accuracy in general), the NAS-generated network models run noticeably slower on typical DNN accelerators than the hand-crafted networks, mainly because DNN accelerators are not optimized for robust NAS-generated models. In particular, the inherent multi-branch nature of NAS-generated networks causes unacceptable performance and energy overheads.To bridge the gap between the robustness and performance efficiency of deep learning applications, we need to rethink the design of AI accelerators to enable efficient execution of robust (auto-generated) neural networks. In this paper, we propose a novel hardware architecture, NASGuard, which enables efficient inference of robust NAS networks. NASGuard leverages a heuristic multi-branch mapping model to improve the efficiency of the underlying computing resources. Moreover, NASGuard addresses the load imbalance problem between the computation and memory-access tasks from multi-branch parallel computing. Finally, we propose a topology-aware performance prediction model for data prefetching, to fully exploit the temporal and spatial localities of robust NAS-generated architectures. We have implemented NASGuard with Verilog RTL. The evaluation results show that NASGuard achieves an average speedup of 1.74× over the baseline DNN accelerator.

Intrusion detection is a traditional practice of security experts, however, there are several issues which still need to be tackled. Therefore, in this paper, after highlighting these issues, we present an architecture for a hybrid Intrusion Detection System (IDS) for an adaptive and incremental detection of both known and unknown attacks. The IDS is composed of supervised and unsupervised modules, namely, a Deep Neural Network (DNN) and the K-Nearest Neighbors (KNN) algorithm, respectively. The proposed system is near-autonomous since the intervention of the expert is minimized through the active learning (AL) approach. A query strategy for the labeling process is presented, it aims at teaching the supervised module to detect unknown attacks and improve the detection of the already-known attacks. This teaching is achieved through sliding windows (SW) in an incremental fashion where the DNN is retrained when the data is available over time, thus rendering the IDS adaptive to cope with the evolutionary aspect of the network traffic. A set of experiments was conducted on the CICIDS2017 dataset in order to evaluate the performance of the IDS, promising results were obtained.

The network security problem brought by the cloud computing has become an important issue to be dealt with in information construction. Since anomaly detection and attack detection in cloud environment need to find the vulnerability through the reverse analysis of data flow, it is of great significance to carry out the reverse analysis of unknown network protocol in the security application of cloud environment. To solve this problem, an improved mining method on bitstream protocol association rules with unknown type and format is proposed. The method combines the location information of the protocol framework to make the frequent extraction process more concise and accurate. In addition, for the frame separation problem of unknown protocol, we design a hierarchical clustering algorithm based on Jaccard distance and a frame field delimitation method based on the proximity of information entropy between bytes. The experimental results show that this technology can correctly resolve the protocol format and realize the purpose of anomaly detection in cloud computing, and ensure the security of cloud services.

With the emergence of computationally intensive and delay sensitive applications, mobile edge computing(MEC) has become more and more popular. Simultaneously, MEC paradigm is faced with security challenges, the most harmful of which is DDoS attack. In this paper, we focus on the resource orchestration algorithm in MEC scenario to mitigate DDoS attack. Most of existing works on resource orchestration algorithm barely take into account DDoS attack. Moreover, they assume that MEC nodes are unselfish, while in practice MEC nodes are selfish and try to maximize their individual utility only, as they usually belong to different network operators. To solve such problems, we propose a price-based resource orchestration algorithm(PROA) using game theory and convex optimization, which aims at mitigating DDoS attack while maximizing the utility of each participant. Pricing resources to simulate market mechanisms, which is national to make rational decisions for all participants. Finally, we conduct experiment using Matlab and show that the proposed PROA can effectively mitigate DDoS attack on the attacked MEC node.

In this paper, we propose models and schemes for coded and uncoded packet transmission over time invariant (TIC) and time variant (TVC) channels. We provide an approximation of the delay induced assuming fmite number of time slots to transmit a given number of packets. We propose an adaptive physical layer (PHY)-aware coded scheme that designs smart acknowledgments (ACK) via an optimal selection of coded packets to transmit at a given SNR. We apply our proposed schemes to channels with complex fading behavior and high round trip (RTT) delays. We compare the accuracy of TVC coded scheme to the TIC coded scheme, and we show the throughput-delay efficacy of adaptive coded schemes driven by PHY-awareness in the mitigation of high RTT environments, with up to 3 fold gains.

In addition to the feature of real-time analytics, fog computing allows detection nodes to be located at the edges of the network. On the other hand, intrusion detection systems require prompt and accurate attack analysis and detection. These systems must promptly respond appropriately to an event. Increasing the speed of data transfer and response requires less bandwidth in the network, reducing the data sent to the cloud and increasing information security as some of the advantages of using detection nodes at the edges of the network in fog computing. The use of neural networks in the analyzer engine is important for the low consumption of system resources, avoidance of explicit production of detection rules, detection of known deformed attacks, and the ability to manage noise and outlier data. The current paper proposes and implements the architecture of network intrusion detection nodes in fog computing, in addition to presenting the proposed fog network architecture. In the proposed architecture, each node can, in addition to performing intrusion detection operations, observe the nodes around it, find the compromised node or intrusion node, and inform the nodes close to it to disconnect from that node.

Network intrusion detection is an important research direction of network security. The diversification of network intrusion mode and the increasing amount of network data make the traditional detection methods can not meet the requirements of the current network environment. The development of deep learning technology and its successful application in the field of artificial intelligence provide a new solution for network intrusion detection. In this paper, the convolutional neural network in deep learning is applied to network intrusion detection, and an intelligent detection model which can actively learn is established. The experiment on KDD99 data set shows that it can effectively improve the accuracy and adaptive ability of intrusion detection, and has certain effectiveness and advancement.

In this paper, we study a wireless powered cellular network (WPCN) supported with network coding capability. In particular, we consider a network consisting of k cellular users (CUs) served by a hybrid access point (HAP) that takes over energy transfer to the users on top of information transmission over both the uplink (UL) and downlink (DL). Each CU has k+1 states representing its communication behavior, and collectively are referred to as the user demand profile. Opportunistically, when the CUs have information to be exchanged through the HAP, it broadcasts this information in coded format to the exchanging pairs, resulting in saving time slots over the DL. These saved slots are then utilized by the HAP to prolong the network lifetime and enhance the network throughput. We quantify, analytically, the performance gain of our network-coded WPCN over the conventional one, that does not employ network coding, in terms of network lifetime and throughput. We consider the two extreme cases of using all the saved slots either for energy boosting or throughput enhancement. In addition, a lifetime/throughput optimization is carried out by the HAP for balancing the saved slots assignment in an optimized fashion, where the problem is formulated as a mixed-integer linear programming optimization problem. Numerical results exhibit the network performance gains from the lifetime and throughput perspectives, for a uniform user demand profile across all CUs. Moreover, the effect of biasing the user demand profile of some CUs in the network reveals considerable improvement in the network performance gains.

With the ubiquitous network applications and the continuous development of network attack technology, all social circles have paid close attention to the cyberspace security. Intrusion detection systems (IDS) plays a very important role in ensuring computer and communication systems security. Recently, deep learning has achieved a great success in the field of intrusion detection. However, the high computational complexity poses a major hurdle for the practical deployment of DL-based models. In this paper, we propose a novel approach based on a lightweight deep neural network (LNN) for IDS. We design a lightweight unit that can fully extract data features while reducing the computational burden by expanding and compressing feature maps. In addition, we use inverse residual structure and channel shuffle operation to achieve more effective training. Experiment results show that our proposed model for intrusion detection not only reduces the computational cost by 61.99% and the model size by 58.84%, but also achieves satisfactory accuracy and detection rate.

Authorship attribution, an NLP problem where anonymous text is matched to its author, has important, cross-disciplinary applications, particularly those concerning cyber-defense. Our research examines the degree of sensitivity that attention-based models have to adversarial perturbations. We ask, what is the minimal amount of change necessary to maximally confuse a transformer model? In our investigation we examine a balanced subset of emails from the Enron email dataset, calculating the performance of our model before and after email signatures have been perturbed. Results show that the model's performance changed significantly in the absence of a signature, indicating the importance of email signatures in email authorship detection. Furthermore, we show that these models rely on signatures for shorter emails much more than for longer emails. We also indicate that additional research is necessary to investigate stylometric features and adversarial training to further improve classification model robustness.

Cloud computing has helped in managing big data and providing resources remotely and ubiquitously, but it has some latency and security concerns. Fog has provided tremendous advantages over cloud computing which include low latency rate, improved real-time interactions, reduced network traffic overcrowding, and improved reliability, however, security concerns need to be addressed separately. Another major issue in the cloud is Cloud Lock-in/Vendor Lock-in. Through this research, an effort has been made to extend fog computing and Searchable Encryption technologies. The proposed system can reduce the issue of cloud lock-in faced in traditional cloud computing. The SE schemes used in this paper are Symmetric Searchable Encryption (SSE) and Multi-keyword Ranked Searchable Encryption (MRSE) to achieve confidentiality, privacy, fine-grained access control, and efficient keyword search. This can help to achieve better access control and keyword search simultaneously. An important use of this technique is it helps to prevent the issue of cloud/vendor lock-in. This can shift some computation and storage of index tables over fog nodes that will reduce the dependency on Cloud Service Providers (CSPs).

Today's companies are increasingly relying on Internet of Everything (IoE) to modernize their operations. The very complexes characteristics of such system expose their applications and their exchanged data to multiples risks and security breaches that make them targets for cyber attacks. The aim of our work in this paper is to provide an cybersecurity strategy whose objective is to prevent and anticipate threats related to the IoE. An economic approach is used in order to help to take decisions according to the reduction of the risks generated by the non definition of the appropriate levels of security. The considered problem have been resolved by exploiting a combinatorial optimization approach with a practical case of knapsack. We opted for a bi-objective modeling under uncertainty with a constraint of cardinality and a given budget to be respected. To guarantee a robustness of our strategy, we have also considered the criterion of uncertainty by taking into account all the possible threats that can be generated by a cyber attacks over IoE. Our strategy have been implemented and simulated under MATLAB environement and its performance results have been compared to those obtained by NSGA-II metaheuristic. Our proposed cyber security strategy recorded a clear improvment of efficiency according to the optimization of the security level and cost parametrs.

With the advent of the era of big data, information technology has been rapidly developed and the application of computers has been popularized. However, network technology is a double-edged sword. While providing convenience, it also faces many problems, among which there are many hidden dangers of network information security. Based on this, based on the era background of big data, the network information security analysis, explore the main network security problems, and elaborate computer information network security matters needing attention, to strengthen the network security management, and put forward countermeasures, so as to improve the level of network security.

{With the rapid development of cyberspace, cyber security incidents are increasing, and the means and types of network attacks are becoming more and more complex and refined, which brings greater challenges to security risk control. First, the knowledge graph technology is used to construct a cyber security knowledge graph based on ontology to realize multi-source heterogeneous security big data fusion calculation, and accurately express the complex correlation between different security entities. Furthermore, for cyber security risk control, a key node assessment method for security risk diffusion is proposed. From the perspectives of node communication correlation and topological level, the calculation method of node communication importance based on improved PageRank Algorithm and based on the improved K-shell Algorithm calculates the importance of node topology are studied, and then organically combine the two calculation methods to calculate the importance of different nodes in security risk defense. Experiments show that this method can evaluate the importance of nodes more accurately than the PageRank algorithm and the K-shell algorithm.

With the increase of the number of network threats, the knowledge graph is an effective method to quickly analyze the network threats from the mass of network security texts. Named entity recognition in network security domain is an important task to construct knowledge graph. Aiming at the problem that key Chinese entity information in network security related text is difficult to identify, a named entity recognition model in network security domain based on BERT-BiLSTM-CRF is proposed to identify key named entities in network security related text. This model adopts the BERT pre-training model to obtain the word vectors of the preceding and subsequent text information, and the obtained word vectors will be input to the subsequent BiLSTM module and CRF module for encoding and sorting. The test results show that this model has a good effect on the data set of network security domain. The recognition effect of this model is better than that of LSTM-CRF, BERT-LSTM-CRF, BERT-CRF and other models, and the F1=93.81%.

In these days, malware attacks target different kinds of devices as IoT, mobiles, servers even the cloud. It causes several hardware damages and financial losses especially for big companies. Malware attacks represent a serious issue to cybersecurity specialists. In this paper, we propose a new approach to detect unknown malware families based on machine learning classification and visualization technique. A malware binary is converted to grayscale image, then for each image a GIST descriptor is used as input to the machine learning model. For the malware classification part we use 3 machine learning algorithms. These classifiers are so efficient where the highest precision reach 98%. Once we train, test and evaluate models we move to simulate 2 new malware families. We do not expect a good prediction since the model did not know the family; however our goal is to analyze the behavior of our classifiers in the case of new family. Finally, we propose an approach using a filter to know either the classification is normal or it's a zero-day malware.

With the rapid growth in Natural Language Processing (NLP), all types of industries find a need for analyzing a massive amount of data. Sentiment analysis is becoming a more exciting area for the businessmen and researchers in Text mining & NLP. This process includes the calculation of various sentiments with the help of text mining. Supplementary to this, the world is connected through Information Technology and, businesses are moving toward the next step of the development to make their system more intelligent. Microservices have fulfilled the need for development platforms which help the developers to use various development tools (Languages and applications) efficiently. With the consideration of data analysis for business growth, data security becomes a major concern in front of developers. This paper gives a solution to keep the data secured by providing required access to data scientists without disturbing the base system software. This paper has discussed data storage and exchange policies of microservices through common JavaScript Object Notation (JSON) response which performs the sentiment analysis of customer's data fetched from various microservices through secured APIs.

As any other infrastructure relying on cyber-physical systems (CPS), naval CPS are highly interconnected and collect considerable data streams, on which depend multiple command and navigation decisions. Being a data-driven decision system requiring optimized supervisory control on a permanent basis, it is critical to examine the CPS vulnerability to anomalies and their propagation. This paper presents an approach to detect CPS anomalies and estimate their propagation applying a quality assessed graph, which represents the CPS physical and digital subsystems, combined with system variables dependencies and a set of data and information quality measures vectors. Following the identification of variables dependencies and high-risk nodes in the CPS, data and information quality measures reveal how system variables are modified when an anomaly is detected, also indicating its propagation path. Taking as reference the normal state of a naval propulsion management system, four anomalies in the form of cyber-attacks - port scan, programmable logical controller stop, and man in the middle to change the motor speed and operation of a tank valve - were produced. Three anomalies were properly detected and their propagation path identified. These results suggest the feasibility of anomaly detection and estimation of propagation estimation in CPS, applying data and information quality analysis to a system graph.

The rapid growth of the Internet is, in part, powered by the broad participation of numerous vendors building network components. All these network devices require that they be properly configured and maintained, which creates a challenge for system administrators of complex networks with a growing variety of heterogeneous devices. This challenge is true for today's networks, as well as for the networking architectures of the future, such as Named Data Networking (NDN). This paper gives a preliminary design of an NDNconf framework, an adaptation of a recently developed NETCONF protocol, to realize unified configuration and management for NDN. The presented design is built leveraging the benefits provided by NDN, including the structured naming shared among network and application layers, stateful data retrieval with name-based interest forwarding, in-network caching, data-centric security model, and others. Specifically, the configuration data models, the heart of NDNconf, the elements of the models and models themselves are represented as secured NDN data, allowing fetching models, fetching configuration data that correspond to elements of the model, and issuing commands using the standard Interest-Data exchanges. On top of that, the security of models, data, and commands are realized through native data-centric NDN mechanisms, providing highly secure systems with high granularity of control.

This paper proposes a hardware Self-Organizing Map (SOM) for high dimensional vectors. The proposed SOM is based on nested architecture with pipeline processing. Due to homogeneous modular structure, the nested architecture provides high expandability. The original nested SOM was designed to handle low-dimensional vectors with fully parallel computation, and it yielded very high performance. In this paper, the architecture is extended to handle much higher dimensional vectors by using sequential computation, which requires multiple clocks to process a single vector. To increase the performance, the proposed architecture employs pipeline computation, in which search of winner neuron and weight vector update are carried out simultaneously. Operable clock frequency for the system was 60 MHz, and its throughput reached 15012 million connection updates per second (MCUPS).

This paper presents a computational study of Thai legal documents using text mining and network analytic approach. Thai legal systems rely much on the existing judicial rulings. Thus, legal documents contain complex relationships and require careful examination. The objective of this study is to use text mining to model relationships between these legal documents and draw useful insights. A structure of document relationship was found as a result of the study in forms of a network that is related to the meaningful relations of legal documents. This can potentially be developed further into a document retrieval system based on how documents are related in the network.

Network port scans are a key first step to developing a true understanding of a network-facing attack surface. However in large-scale networks, the data resulting from such scans can be too numerous for Red Teams to process for manual and semiautomatic testing. Indiscriminate port scans can also compromise a Red Team seeking to quickly gain a foothold on a network. A large attack surface can even complicate Blue Team activities like threat hunting. In this paper we provide a cluster analysis methodology designed to group similar hosts to reduce security team workload and Red Team observability. We also measure the Internet-facing network attack surface of 13 organizations by clustering their hosts based on similarity. Through a case study we demonstrate how the output of our clustering technique provides new insight to both Red and Blue Teams, allowing them to quickly identify potential high-interest points on the attack surface.