Biblio

Internet of Battlefield Things (IoBT) is the application of Internet of Things (IoT) to a battlefield environment. IoBT networks operate in difficult conditions due to high mobility and unpredictable nature of battle fields and securing them is a challenge. There is increasing interest to use deception techniques to enhance the security of IoBT networks. A honeypot is a system installed on a network as a trap to attract the attention of an attacker and it does not store any valuable data. In this work, we introduce IoBT dual sensor gateways. We propose a Reinforcement Learning (RL)-assisted scheme, in which the IoBT dual sensor gateways intelligently switch between honeypot and real function based on a threshold. The optimal threshold is determined using reinforcement learning approach that adapts to nodes reputation. To focus on the impact of the mobile and uncertain behavior of IoBT networks on the proposed scheme, we consider the nodes as moving vehicles. We statistically analyze the results of our RL-based scheme obtained using ns-3 network simulation, and optimize value of the threshold.

The cloud infrastructure is not new to the society from past one decade. But even in recent time, the companies started migrating from local services to cloud services for better connectivity and for other requirements, this is due to companies financial limitations on existing infrastructure, they are migrating to less cost and hire and fire support based cloud infrastructures. But the proposed cloud infrastructure require security on event logs accessed by different end users on the cloud environment. To adopt the security on local services to cloud service based infrastructure, it need better identify management between end users. Therefore this paper presents the related works of user identity as a service for each user involving in cloud service and the accessing permission and protection will be monitored and controlled by the cloud security infrastructures.

In this paper, we propose a relational anonymous P2P communication network evaluation model based on Markov chain (AEMC), and show how to extend our model to the anonymous evaluation of sender and receiver relationship anonymity when the attacker attacks the anonymous P2P communication network and obtains some information. Firstly, the constraints of the evaluation model (the attacker assumption for message tracing) are specified in detail; then the construction of AEMC anonymous evaluation model and the specific evaluation process are described; finally, the simulation experiment is carried out, and the evaluation model is applied to the probabilistic anonymous evaluation of the sender and receiver relationship of the attacker model, and the evaluation is carried out from the perspective of user (message).

Industry 4.0 is now much more than just a buzzword. However, with the advancement of automation through digitization and softwarization of dedicated hardware, applications are also becoming more susceptible to random hardware errors in the calculation. This cyber-physical demonstrator uses a robotic application to show the effects that even single bit flips can have in the real world due to hardware errors. Using the graphical user interface including the human machine interface, the audience can generate hardware errors in the form of bit flips and see their effects live on the robot. In this paper we will be showing a new technology, the SIListra Safety Transformer (SST), that makes it possible to detect those kind of random hardware errors, which can subsequently make safety-critical applications more reliable.

The Internet of Things integrates multiple hardware appliances from large cloud data centres to constrained devices embedded within the physical reality, from multiple vendors and providers, under the same infrastructure. These appliances are subject to different restrictions, have different available resources and show different risk profiles and vulnerabilities. In these scenarios, remote attestation mechanisms are essential, enabling the verification of a distant appliance’s internal state before allowing it to access sensitive data or execute critical workloads. This work proposes a new attestation approach based on a Trusted Platform Module (TPM), devoted to performing Remote Attestation as a Service (RAaaS) while guaranteeing essential properties such as flexibility, generality, domain separation and authorized initiation. The proposed solution can prove both edge devices and IoT devices reliability to services running on cloud data centres. Furthermore, the first prototype of this service has been validated and evaluated via a real use case.

Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a personin-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin of the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.

Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a personin-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin of the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.

The popularity of P2P (Peer-To-Peer) systems is increased tremendously due to massive increase in the Internet based applications. Initially, P2P systems were mainly designed for wired networks but today people are using more wireless networks and therefore these systems are gaining popularity. There are many wireless networks available today and WMNs (Wireless Mess Networks) are gaining popularity due to hybrid structure. People are using structured P2P systems-based applications within perimeter of a WMN. Structured P2P WMNs will assist the community to fetch the relevant information to accomplish their activities. There are inherent challenges in the structured P2P network and increased in wireless environment like WMNs. Structured P2P systems suffer from many challenges like lack of content availability, malicious content distribution, poor search scalability, free riding behaviour, white washing, lack of a robust trust model etc. Whereas, WMNs have limitations like mobility management, bandwidth constraint, limited battery power of user's devices, security, maintenance etc. in remote/ forward areas. We exploit the better possibility of content availability and search scalability in this paper. We propose replication schemes based on the popularity of content for structured P2P system applications in community based WMNs. The analysis of the performance shows that proposed scheme performs better than the existing replication scheme in different conditions.

Vulnerabilities in the source code of software are critical issues in the realm of software engineering. Coping with vulnerabilities in software source code is becoming more challenging due to several aspects of complexity and volume. Deep learning has gained popularity throughout the years as a means of addressing such issues. In this paper, we propose an evaluation of vulnerability detection performance on source code representations and evaluate how Machine Learning (ML) strategies can improve them. The structure of our experiment consists of 3 Deep Neural Networks (DNNs) in conjunction with five different source code representations; Abstract Syntax Trees (ASTs), Code Gadgets (CGs), Semantics-based Vulnerability Candidates (SeVCs), Lexed Code Representations (LCRs), and Composite Code Representations (CCRs). Experimental results show that employing different ML strategies in conjunction with the base model structure influences the performance results to a varying degree. However, ML-based techniques suffer from poor performance on class imbalance handling when used in conjunction with source code representations for software vulnerability detection.

With the rapid development of the Internet, network traffic is becoming more complex and diverse. At the same time, malicious traffic is growing. This seriously threatens the security of networks and information. However, the current DPI (Deep Packet Inspect) engine based on x86 architecture is slow in monitoring speed, which cannot meet the needs. Generally, two factors affect the detection rate: CPU and memory; The efficiency of data packet acquisition, and multi regular expression matching. Under these circumstances, this paper presents an efficient implementation of the DPI engine based on a generic x86 platform. DPDK is used as the platform of network data packets acquisition and processing. Using the multi-queue of the NIC (network interface controller) and the customized symmetric RSS key, the network traffic is divided and reorganized in the form of conversation. The core of traffic identification is hyperscan, which uses a flow pattern to match the packets load of a single conversation efficiently. It greatly reduces memory requirements. The method makes full use of the system resources and takes into account the advantages of high efficiency of hardware implementation. And it has a remarkable improvement in the efficiency of recognition.

For a long time, there have been a number of malicious APP discovery and detection services in the Android security field. There are multiple and multiple sensitive actions in most malicious apps. This paper is based on the research of dynamic and static detection technology to analyze the sensitive behaviors in APP, combined with automated testing technology to achieve automated detection, which can improve the detection efficiency and accuracy of malicious APP.

The development of artificial intelligence will certainly fundamentally change the pattern of human work. With the promotion of top-level strategies, vocational education can only develop sustainably by integrating with science and technology. Artificial intelligence is a branch of computer science that studies the basic theories, methods and techniques of how to apply computer hardware and software to simulate certain intelligent human behaviors. Artificial intelligence applied to vocational education mainly focuses on resource network technology and integrated distributed intelligent system, which organically integrates various different expert systems (ES), management information systems (MIS), intelligent networks, decision support systems (DSS), databases, numerical computing packages and graphics processing programs to solve complex problems. Artificial intelligence will certainly empower vocational education and give rise to a vocational education revolution. In the process of continuous improvement of AI, it is a more practical approach to apply various already mature AI technologies to vocational education practice. Establishing an intelligent vocational education ecology enables traditional education and AI to complement each other's advantages and jointly promote the healthy and sustainable development of vocational education ecology.

Magnetic shielding is an important part in atomic clock’s physical system. The demagnetization of the assembled magnetic shielding system plays an important role in improving atomic clock’s performance. In terms of the drawbacks in traditional attenuated alternating-current demagnetizing method, this paper proposes a novel method — automatically attenuated alternating-current demagnetizing method. Which is implemented by controlling the demagnetization current waveform thorough the signal source’s modulation, so that these parameters such as demagnetizing current frequency, amplitude, transformation mode and demagnetizing period are precisely adjustable. At the same time, this demagnetization proceeds automatically, operates easily, and works steadily. We have the pulsed optically pumped (POP) rubidium atomic clock’s magnetic shielding system for the demagnetization experiment, the magnetic field value reached 1nT/7cm. Experiments show that novel method can effectively realize the demagnetization of the magnetic shielding system, and well meets the atomic clock’s working requirements.

In the era of Big Data, opportunities and challenges are mixed. The data transfer is increasingly frequent and speedy, and the data lifecycle is also extended, bringing more challenges to security and privacy risk governance. Currently, the common measures of risk governance covering the entire data life cycle are the data-related staff management, equipment security management, data encryption codes, data content identification and de-identification processing, etc. With the trend of data globalization, regulations fragmentation and governance technologization, “International standards”, a measure of governance combining technology and regulation, has the potential to become the best practice. However, “voluntary compliance” of international standards derogates the effectiveness of risk governance through this measure. In order to strengthen the enforcement of the international standards, the paper proposes a governance approach which is “the framework regulated by international standards, and regulations and technologies specifically implemented by national legislation.” It aims to implement the security and privacy risk governance of Big Data effectively.

As a new service-oriented computing paradigm, cloud computing facilitates users to share and use resources. However, due to the dynamic and openness of its operating environment, only relying on traditional identity authentication technology can no longer fully meet the security requirements of cloud computing. The trust evaluation of user behavior has become the key to improve the security of cloud computing. Therefore, in view of some problems existing in our current research on user behavior trust, this paper optimizes and improves the construction of the evaluation index system and the calculation of trust value, and proposes a cloud end-user behavior trust evaluation model based on sliding window. Finally, the model is proved to be scientific and effective by simulation experiments, which has certain significance for the security protection of cloud resources.

With the continuous improvement of China's scientific and technological level, computer network has become an indispensable part of people's daily life. It can not only effectively improve the efficiency of production and life, and shorten the distance between people, but also further promote the speed of China's social and economic development, which has a positive impact on the realization of China's modernization. Under the new information security demand environment at present, we should pay attention to the related information security work and formulate effective security measures and strategies. In order to effectively prevent these information security problems, people should actively adopt firewall technology, encryption technology, network access control technology and network virus prevention technology for effective protection. This paper analyzes the security problems in the application of wireless sensor networks and explores the mechanism of defending information security, hoping to strengthen the security and stability of wireless sensor networks through effective measures, so that people can better enjoy the convenience brought by the network age.

With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.

The intelligent connected vehicle industry has entered a period of opportunity, industry data is accumulating rapidly, and the formulation of industry standards to regulate big data management and application is imminent. As the basis of data security, data classification has received unprecedented attention. By combing through the research and development status of data classification in various industries, this article combines industry characteristics and re-examines the framework of industry data classification from the aspects of information security and data assetization, and tries to find the balance point between data security and data value. The intelligent networked automobile industry provides support for big data applications, this article combines the characteristics of the connected vehicle industry, re-examines the data characteristics of the intelligent connected vehicle industry from the 2 aspects as information security and data assetization, and eventually proposes a scene-based hierarchical framework. The framework includes the complete classification process, model, and quantifiable parameters, which provides a solution and theoretical endorsement for the construction of a big data automatic classification system for the intelligent connected vehicle industry and safe data open applications.

In the big data cloud computing environment, data security issues have become a focus of attention. This paper delivers an overview of conceptions, characteristics and advanced technologies for big data cloud computing. Security issues of data quality and privacy control are elaborated pertaining to data access, data isolation, data integrity, data destruction, data transmission and data sharing. Eventually, a virtualization architecture and related strategies are proposed to against threats and enhance the data security in big data cloud environment.

As the rapid development of information technology and networks, there have been several new challenges to data security. For security needs in the process of data transmission and storage, the data security protection mechanism based on SM algorithm is studied. In addition, data cryptographic security protection system model composed of cryptographic infrastructure, cryptographic service nodes and cryptographic modules is proposed. As the core of the mechanism, SM algorithm not only brings about efficient data encryption and decryption, but ensures the security, integrity and non-repudiation of data transmission and storage. Secure and controllable key management is implemented by this model, which provides easy-to-expandable cryptographic services, and brings efficient cryptographic capabilities applicable for multiple scenarios.

DDoS attack detection in a single dimension cannot cope with complex and new attacks. Aiming at the problems existing in single dimension detection, this paper proposes an algorithm to detect DDoS attack based on multi-dimensional entropy. Firstly, the algorithm selects multiple dimensions and establishes corresponding decision function for each dimension and calculates its information entropy. Secondly, the multidimensional sliding window CUSUM algorithm without parameters is used to synthesize the detection results of three dimensions to determine whether it is attacked by DDoS. Finally, the data set published by MIT Lincoln Laboratory is used for testing. Experimental results show that compared with single dimension detection algorithm, this method has good detection rate and low false alarm rate.

With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.

With the continuous emergence of cloud computing technology, cloud infrastructure software will become the mainstream application model in the future. Among the databases, relational databases occupy the largest market share. Therefore, the relational cloud database will be the main product of the combination of database technology and cloud computing technology, and will become an important branch of the database industry. This article explores the establishment of an evaluation system framework for relational databases, helping enterprises to select relational cloud database products according to a clear goal and path. This article can help enterprises complete the landing of relational cloud database projects.

With the development of technology, the structure of power grid becomes more and more complex, and the amount of data collected is also increasing. In the existing smart power grid, the data collected by sensors need to be uploaded and stored to the trusted central node, but the centralized storage method is easy to cause the malicious attack of the central node, resulting in single point failure, data tampering and other security problems. In order to solve these information security problems, this paper proposes a new data security storage framework based on private blockchain. By using the improved raft algorithm, partial decentralized data storage is used instead of traditional centralized storage. It also introduces in detail the working mechanism of the smart grid data security storage framework, including the process of uploading collected data, data verification, and data block consensus. The security analysis shows the effectiveness of the proposed data storage framework.

This paper proposes an image encryption technology based on six-dimensional hyperchaotic system and DNA encoding, in order to solve the problem of low security in existing image encryption algorithms. First of all, the pixel values of the R, G, and B channels are divided into blocks and zero-filled. Secondly, the chaotic sequence generated by the six-dimensional hyperchaotic system and logistic mapping is used for DNA coding and DNA operations. Third, the decoded three-channel pixel values are scrambled through diagonal traversal. Finally, merge the channels to generate a ciphertext image. According to simulation experiments and related performance analysis, the algorithm has high security performance, good encryption and decryption effects, and can effectively resist various common attack methods.