Biblio

The importance of the security of industrial control network has become increasingly prominent. Aiming at the defects of main security protection system in the intelligent manufacturing industrial control network, we propose a security attack risk detection and defense, and emergency processing capability synchronization technology system suitable for the intelligent manufacturing industrial control system. Integrating system control and network security theories, a flexible and reconfigurable system-wide security architecture method is proposed. On the basis of considering the high availability and strong real-time of the system, our research centers on key technologies supporting system-wide security analysis, defense strategy deployment and synchronization, including weak supervision system reinforcement and pattern matching, etc.. Our research is helpful to solve the problem of industrial control network of “old but full of loopholes” caused by the long-term closed development of the production network of important parts, and alleviate the contradiction between the high availability of the production system and the relatively backward security defense measures.

MIMO technology has been widely used in the telecommunication systems nowadays, and the space-time coding is a key part of MIMO technology. A good coding scheme can exploit the spatial diversity to correct the error which is generated in transmission, and increase the normalized transfer rate with low decoding complexity. On the Basis of the research on different Space-Time Block Codes, this essay proposes a new STBC, Diagonal Block Orthogonal Space-Time Block Code. Then we will compare it with other STBCs in the performance of bit error rate, transfer rate, decoding complexity and peek-to-average power ratio, the final result will prove the superiority of DBOAST.

With the rapid development of the information technology era, the era of big data has also arrived. While computer networks are promoting the prosperity and development of society, their applications have become more extensive and in-depth. Smart city video surveillance systems have entered an era of networked surveillance and business integration. The problems are also endless. This article discusses computer network security in the era of big data, hoping to help strengthen the security of computer networks in our country. This paper studies the computer network security prevention strategies of smart cities in the era of big data.

With the advance in artificial intelligence and high-dimensional data analysis, federated learning (FL) has emerged to allow distributed data providers to collaboratively learn without direct access to local sensitive data. However, limiting access to individual provider’s data inevitably incurs security issues. For instance, backdoor attacks, one of the most popular data poisoning attacks in FL, severely threaten the integrity and utility of the FL system. In particular, backdoor attacks launched by multiple collusive attackers, i.e., distributed backdoor attacks, can achieve high attack success rates and are hard to detect. Existing defensive approaches, like model inspection or model sanitization, often require to access a portion of local training data, which renders them inapplicable to the FL scenarios. Recently, the norm clipping approach is developed to effectively defend against distributed backdoor attacks in FL, which does not rely on local training data. However, we discover that adversaries can still bypass this defense scheme through robust training due to its unchanged norm clipping threshold. In this paper, we propose a novel defense scheme to resist distributed backdoor attacks in FL. Particularly, we first identify that the main reason for the failure of the norm clipping scheme is its fixed threshold in the training process, which cannot capture the dynamic nature of benign local updates during the global model’s convergence. Motivated by it, we devise a novel defense mechanism to dynamically adjust the norm clipping threshold of local updates. Moreover, we provide the convergence analysis of our defense scheme. By evaluating it on four non-IID public datasets, we observe that our defense scheme effectively can resist distributed backdoor attacks and ensure the global model’s convergence. Noticeably, our scheme reduces the attack success rates by 84.23% on average compared with existing defense schemes.

Sharing relational databases on the Internet creates the need to protect these databases. Its output in substantial losses to the data storing systems because of unauthorized access to information that could lose novelty. The research associations use the research databases to mine new information about the research works of the relational databases that are available for free. It is a great challenge to maintain authenticity because these databases are vulnerable to security issues. Watermarking is a candidate solution that fully protects databases shared with the receiver. The protection of relational database ownership that may continue to evolve against the various aquatic mechanisms shared with the recipient that arouses appetite for attacks and must continue to evolve so that they can have database knowledge to support their decision-making system is effective. The relational database based onVirtual private key Watermarking using numeric attribute) involves embedding the same watermark in the same properties in different places in the same place. Therefore, data attackers cannot remove watermarks from data. The proposed strategy is to work by inserting watermark bits in such a way that it causes minimal distortion in the data and the data usability must remain intact after the data is watermarked. The proposed strategy is to work by inserting watermark bits in such a way that it causes minimal distortion in the data and the ability to use the data after watermarking the data must remain intact. The existence of a primary key is the main feature or compulsory item for most of the strategies. Our method provides solutions no primary key feature where the integrating search system of the database remains intact after watermarking distortion.

The Internet of Battlefield Things (IoBT) is a dynamically composed network of intelligent sensors and actuators that operate as a command and control, communications, computers, and intelligence complex-system with the aim to enable multi-domain operations. The use of artificial intelligence can help transform the IoBT data into actionable insight to create information and decision advantage on the battlefield. In this work, we focus on how accounting for uncertainty in IoBT systems can result in more robust and safer systems. Human trust in these systems requires the ability to understand and interpret how machines make decisions. Most real-world applications currently use deterministic machine learning techniques that cannot incorporate uncertainty. In this work, we focus on the machine learning task of classifying vehicles from their audio recordings, comparing deterministic convolutional neural networks (CNNs) with Bayesian CNNs to show that correctly estimating the uncertainty can help lead to robust decision-making in IoBT.

With the development of wireless sensor networks (WSNs), WSNs have been widely used in various fields such as animal habitat detection, military surveillance, etc. This paper focuses on protecting the source location privacy (SLP) in WSNs. Existing algorithms perform poorly in non-uniform networks which are common in reality. In order to address the performance degradation problem of existing algorithms in non-uniform networks, this paper proposes a robust fixed path-based random routing scheme (RFRR), which guarantees the path diversity with certainty in non-uniform networks. In RFRR, the data packets are sent by selecting a routing path that is highly differentiated from each other, which effectively protects SLP and resists the backtracking attack. The experimental results show that RFRR increases the difficulty of the backtracking attack while safekeeping the balance between security and energy consumption.

Emerging technologies change the qualities of modern healthcare by employing smart systems for patient monitoring. To well use the data surrounding the patient, tiny sensing devices and smart gateways are involved. These sensing systems have been used to collect and analyze the real-time data remotely in Internet of Medical Thinks (IoM). Since the patient sensed information is so sensitive, the security and privacy of medical data are becoming challenging problem in IoM. It is then important to ensure the security, privacy and integrity of the transmitted data by designing a secure and a lightweight authentication protocol for the IoM. In this paper, in order to improve the authentication and communications in health care applications, we present a novel secure and anonymous authentication scheme. We will use elliptic curve cryptography (ECC) with random numbers generated by fuzzy logic. We simulate IoM scheme using network simulator 3 (NS3) and we employ optimized link state routing protocol (OLSR) algorithm and ECC at each node of the network. We apply some attack algorithms such as Pollard’s ρ and Baby-step Giant-step to evaluate the vulnerability of the proposed scheme.

We consider a graph property known as r-robustness of the random K-out graphs. Random K-out graphs, denoted as \$\textbackslashtextbackslashmathbbH(n;K)\$, are constructed as follows. Each of the n nodes select K distinct nodes uniformly at random, and then an edge is formed between these nodes. The orientation of the edges is ignored, resulting in an undirected graph. Random K-out graphs have been used in many applications including random (pairwise) key predistribution in wireless sensor networks, anonymous message routing in crypto-currency networks, and differentially-private federated averaging. r-robustness is an important metric in many applications where robustness of networks to disruptions is of practical interest, and r-robustness is especially useful in analyzing consensus dynamics. It was previously shown that consensus can be reached in an r-robust network for sufficiently large r even in the presence of some adversarial nodes. r-robustness is also useful for resilience against adversarial attacks or node failures since it is a stronger property than r-connectivity and thus can provide guarantees on the connectivity of the graph when up to r – 1 nodes in the graph are removed. In this paper, we provide a set of conditions for Kn and n that ensure, with high probability (whp), the r-robustness of the random K-out graph.

To make supply chains sustainable and smart, companies can use information and communication technologies to manage procurement, sourcing, conversion, logistics, and customer relationship management activities. Characterized by profit, people, and planet, the supply chain processes of creating values and managing risks are expected to be digitally transformed. Once digitized, datafied, and networked, supply chains can account for substantial progress towards sustainability. Given the lack of clarity on the concepts of resilience and human rights for the supply chain, especially with the recent advancement of social media, big data, artificial intelligence, and cloud computing, the study conducts a scoping review. To identify the size, scope, and themes, it collected 180 articles from the Web of Science bibliographic database. The bibliometric findings reveal the overall conceptual and intellectual structure, and the gaps for further research and development. The concept of resilience can be enriched, for instance, by the environmental, social, and governance (ESG) concerns. The enriched notion of resilience can also be expressed in digitized, datafied, and networked forms.

The expression of cyber-attacks on communication links in smart grids has emerged recently. In microgrids, cooperation between agents through communication links is required, thus, microgrids can be considered as cyber-physical-systems and they are vulnerable to cyber-attack threats. Cyber-attacks can cause damages in control systems, therefore, the resilient control methods are necessary. In this paper, a resilient control approach against false data injection attack is proposed for secondary control of DC microgrids. In the proposed framework, a PI controller with an adjustable gain is utilized to eliminate the injected false data. The proposed control method is employed for both sensor and link attacks. Convergence analysis of the measurement sensors and the secondary control objectives under the studied control method is performed. Finally, a DC microgrid with four units is built in Matlab/Simulink environment to verify the proposed approach.

Aiming at the problem of low detection accuracy in traditional power system network intrusion detection methods, in order to improve the performance of power system network intrusion detection, a power system network intrusion detection method based on random forest algorithm is proposed. Firstly, the power system network intrusion sub sample is selected to construct the random forest decision tree. The random forest model is optimized by using the edge function. The accuracy of the vector is judged by the minimum state vector of the power system network, and the measurement residual of the power system network attack is calculated. Finally, the power system network intrusion data set is clustered by Gaussian mixture clustering Through the design of power system network intrusion detection process, the power system network intrusion detection is realized. The experimental results show that the power system network intrusion detection method based on random forest algorithm has high network intrusion detection performance.

Structured Query Language (SQL) is extensively used for storing, manipulating and retrieving information in the relational database management system. Using SQL statements, attackers will try to gain unauthorized access to databases and launch attacks to modify/retrieve the stored data, such attacks are called as SQL injection attacks. Such SQL Injection (SQLi) attacks tops the list of web application security risks of all the times. Identifying and mitigating the potential SQL attack statements before their execution can prevent SQLi attacks. Various techniques are proposed in the literature to mitigate SQLi attacks. In this paper, a random decision forest approach is introduced to mitigate SQLi attacks. From the experimental results, we can infer that the proposed approach achieves a precision of 97% and an accuracy of 95%.

Anomalous users detection in social network is an imperative task for security problems. Motivated by the great power of Graph Neural Networks(GNNs), many current researches adopt GNN-based detectors to reveal the anomalous users. However, the increasing scale of social activities, explosive growth of users and manifold technical disguise render the user detection a difficult task. In this paper, we propose an innovate Relevance-aware Anomalous Users Detection model (RAU-GNN) to obtain a fine-grained detection result. RAU-GNN first extracts multiple relations of all types of users in social network, including both benign and anomalous users, and accordingly constructs the multiple user relation graph. Secondly, we employ relevance-aware GNN framework to learn the hidden features of users, and discriminate the anomalous users after discriminating. Concretely, by integrating Graph Convolution Network(GCN) and Graph Attention Network(GAT), we design a GCN-based relation fusion layer to aggregate initial information from different relations, and a GAT-based embedding layer to obtain the high-level embeddings. Lastly, we feed the learned representations to the following GNN layer in order to consolidate the node embedding by aggregating the final users' embeddings. We conduct extensive experiment on real-world datasets. The experimental results show that our approach can achieve high accuracy for anomalous users detection.

In order to increase the availability and reliability of photovoltaic (PV) systems, fault diagnosis and condition monitoring of inverters are of crucial means to meet the goals. Numerous methods are implemented for fault diagnosis of PV inverters, providing robust features and handling massive amount of data. However, existing methods rely on simplistic frameworks that are incapable of inspecting a wide range of intrinsic and explicit features, as well as being time-consuming. In this paper, a novel method based on a multilayer deep belief network (DBN) is suggested for fault diagnosis, which allows the framework to discover the probabilistic reconstruction across its inputs. This approach equips a robust hierarchical generative model for exploiting features associated with faults, interprets functions that are highly variable, and needs lesser prior information. Moreover, the method instantaneously categorizes the fault conditions, which eventually strengthens the adaptability of applying it on a variety of diagnostic problems in an inverter domain. The proposed method is evaluated using multiple input signals at different sampling frequencies. To evaluate the efficacy of DBN, a test model based on a three-phase 2-level grid-tied PV inverter was used. The results show that the method is capable of achieving precise diagnosis operations.

Affected by the inherent ideas like "Focus on Function Realization, Despise Security Protection", there are lots of hidden threats in the industrial control system of wind farms (ICS-WF), such as unreasonable IP configuration, failure in virus detection and killing, which are prone to illegal invasion and attack from the cyberspace. Those unexpected unauthorized accesses are quite harmful for the stable operation of the wind farms and regional power grid. Therefore, by investigating the current security situation and needs of ICS-WF, analyzing the characteristics of ICS-WF’s architecture and internal communication, and integrating the ideas of the classified protection of cybersecurity, this paper proposes a new customized cybersecurity strategy for ICS-WF based on the barrel theory. We also introduce an new anomalous intrusion detection technology for ICS-WF, which is developed based on statistical models of wind farm network characteristics. Finally, combined all these work with the network security offense and defense drill in the industrial control safety simulation laboratory of wind farms, this research formulates a three-dimensional comprehensive protection solution for ICS-WF, which significantly improves the cybersecurity level of ICS-WF.

With the spread of the Internet, various devices are now connected to it and the number of IoT devices is increasing. Data generated by IoT devices has traditionally been aggregated in the cloud and processed over time. However, there are two issues with using the cloud. The first is the response delay caused by the long distance between the IoT device and the cloud, and the second is the difficulty of implementing sufficient security measures on the IoT device side due to the limited resources of the IoT device at the end. To address these issues, fog computing, which is located in the middle between IoT devices and the cloud, has been attracting attention as a new network component. However, the risks associated with the introduction of fog computing have not yet been fully investigated. In this study, we conducted a risk assessment of fog computing, which is newly established to promote the use of IoT devices, and identified 24 risk factors. The main countermeasures include the gradual introduction of connected IoT connection protocols and security policy matching. We also demonstrated the effectiveness of the proposed risk measures by evaluating the risk values. The proposed risk countermeasures for fog computing should help us to utilize IoT devices in a safe and secure manner.

In recent years, new cyber attacks such as targeted attacks have caused extensive damage. With the continuing development of the IoT society, various devices are now connected to the network and are being used for various purposes. The Internet of Things has the potential to link cyber risks to actual property damage, as cyberspace risks are connected to physical space. With this increase in unknown cyber risks, the demand for cyber insurance is increasing. One of the most serious emerging risks is the silent cyber risk, and it is likely to increase in the future. However, at present, security measures against silent cyber risks are insufficient. In this study, we conducted a risk management of silent cyber risk for organizations with the objective of contributing to the development of risk management methods for new cyber risks that are expected to increase in the future. Specifically, we modeled silent cyber risk by focusing on state transitions to different risks. We newly defined two types of silent cyber risk, namely, Alteration risk and Combination risk, and conducted risk assessment. Our assessment identified 23 risk factors, and after analyzing them, we found that all of them were classified as Risk Transference. We clarified that the most effective risk countermeasure for Alteration risk was insurance and for Combination risk was measures to reduce the impact of the risk factors themselves. Our evaluation showed that the silent cyber risk could be reduced by about 50%, thus demonstrating the effectiveness of the proposed countermeasures.

Autonomous robots are increasingly widespread in our society. These robots need to be safe, reliable, respectful of privacy, not manipulable by external agents, and capable of offering explanations of their behavior in order to be accountable and acceptable in our societies. Companies offering robotic services will need to provide mechanisms to address these issues using High Performance Computing (HPC) facilities, where logs and off-line forensic analysis could be addressed if required, but these solutions are still not available in software development frameworks for robots. The aim of this paper is to discuss the implications and interactions among cybersecurity, safety, and explainability with the goal of making autonomous robots more trustworthy.

Wireless communication systems are inherently vulnerable to adversarial attacks since malevolent jammers might jam and disrupt the legitimate transmission intentionally. Of particular interest are so- called denial-of-service (DoS) attacks in which the jammer is able to completely disrupt the communication. Accordingly, it is of crucial interest for the legitimate users to detect such DoS attacks. Turing machines provide the fundamental limits of today's digital computers and therewith of the traditional signal processing. It has been shown that these are incapable of detecting DoS attacks. This stimulates the question of how powerful the signal processing must be to enable the detection of DoS attacks. This paper investigates the general computation framework of Blum-Shub-Smale machines which allows the processing and storage of arbitrary reals. It is shown that such real number signal processing then enables the detection of DoS attacks.

Previous research on frequency hopping (FH) signal recognition utilizing deep learning only focuses on single-label signal, but can not deal with overlapped FH signal which has multi-labels. To solve this problem, we propose a new FH signal recognition method based on fully convolutional networks (FCN). Firstly, we perform the short-time Fourier transform (STFT) on the collected FH signal to obtain a two-dimensional time-frequency pattern with time, frequency, and intensity information. Then, the pattern will be put into an improved FCN model, named FH-FCN, to make a pixel-level prediction. Finally, through the statistics of the output pixels, we can get the final classification results. We also design an algorithm that can automatically generate dataset for model training. The experimental results show that, for an overlapped FH signal, which contains up to four different types of signals, our method can recognize them correctly. In addition, the separation of multiple FH signals can be achieved by a slight improvement of our method.

With the rapid development of mobile communication technology, the reconnaissance on terminal capability and identity information is not only an important guarantee to maintain the normal order of mobile communication, but also an essential means to ensure the electromagnetic space security. According to the characteristics of 5G mobile communication terminal's transporting capability and identity information, the smart jamming is first used to make the target terminal away from the 5G network, and then the jamming is turned off at once. Next the terminal will return to the 5G network. Through the time-frequency matching detection method, interactive signals of random access process and network registration between the terminal and the base station are quickly captured in this process, and the scheduling information in Physical Downlink Control Channel (PDCCH) and the capability and identity information in Physical Uplink Shared Channel (PUSCH) are demodulated and decoded under non-cooperative conditions. Finally, the experiment is carried out on the actual 5G communication terminal of China Telecom. The capability and identity information of this terminal are extracted successfully in the Stand Alone (SA) mode, which verifies the effectiveness and correctness of the method. This is a significant technical foundation for the subsequent development on the 5G terminal control equipment.

In this paper, we investigate a networked control problem in the presence of Denial-of-Service (DoS) attacks, which prevent transmissions over the communication network. The communication between the process and controller is also subject to bit rate constraints. For mitigating the influences of DoS attacks and bit rate constraints, we develop a variable bit rate (VBR) encoding-decoding protocol and quantized controller to stabilize the control system. We show that the system’s resilience against DoS under VBR is preserved comparing with those under constant bit rate (CBR) quantized control, with fewer bits transmitted especially when the attack levels are low. The proposed VBR quantized control framework in this paper is general enough such that the results of CBR quantized control under DoS and moreover the results of minimum bit rate in the absence of DoS can be recovered.

The presence of the Information Technology System (ITS) has become one of the components for basic needs that must be met in navigating through the ages. Organizational programs in responding to the industrial era 4.0 make the use of ITS is a must in order to facilitate all processes related to quality service in carrying out the main task of protecting and serving the community. The implementation of ITS is actually not easy forthe threat of challenges and disturbances in the form of risks haunts ITS's operations. These conditions must be able to be identified and analyzed and then action can be executed to reduce the negative impact, so the risks are acceptable. This research will study about ITS risk management using the the guideline of Information Technology Infrastructure Library (ITIL) to formulate an operational strategy in order ensure that STI services at the Papa Oscar Cikeas Data Center (DC) can run well in the form of recommendations. Based on a survey on the implementing elements of IT function, 82.18% of respondents considered that the IT services provided by DC were very important, 86.49% of respondents knew the importance of having an emergency plan to ensure their products and services were always available, and 67.17% of respondents believes that DC is well managed. The results of the study concludes that it is necessary to immediately form a structural DC organization to prepare a good path for the establishment of a professional data center in supporting public service information technology systems.

Intel SGX provides a new method to protect software privacy data, but it faces the security risk of side channel attack. In our opinion, SGX side channel attack depend on the implicit mapping between control flow and data flow to infer privacy data indirectly with control flow. For this reason, we propose code reuse to construct dynamic control flow software. In this method, by loading a large number of related gadgets in advance, the software reset the software control data according to the original software semantics at runtime, so that the software control flow can change dynamically heavily. Based on code reuse, we make the software control flow change dynamically, and the mapping between control flow and data flow more complex and difficult to determine, which can increase the difficulty of SGX side channel attack.