Biblio

While vehicle-to-everything communication technology enables information sharing and cooperative control for vehicles, it also poses a significant threat to the vehicles' driving security owing to cyber-attacks. In particular, Sybil malicious attacks hidden in the vehicle broadcast information flow are challenging to detect, thereby becoming an urgent issue requiring attention. Several researchers have considered this problem and proposed different detection schemes. However, the detection performance of existing schemes based on plausibility checks and neighboring observers is affected by the traffic and attacker densities. In this study, we propose a malicious attack detection scheme based on traffic-flow information fusion, which enables the detection of Sybil attacks without neighboring observer nodes. Our solution is based on the basic safety message, which is broadcast by vehicles periodically. It first constructs the basic features of traffic flow to reflect the traffic state, subsequently fuses it with the road detector information to add the road fusion features, and then classifies them using machine learning algorithms to identify malicious attacks. The experimental results demonstrate that our scheme achieves the detection of Sybil attacks with an accuracy greater than 90 % at different traffic and attacker densities. Our solutions provide security for achieving a usable vehicle communication network.

Metaverse technologies depend on various advanced human-computer interaction (HCI) devices to be supported by extended reality (XR) technology. Many new HCI devices are supported by wireless Internet of Things (IoT) networks, where a reliable routing scheme is essential for seamless data trans-mission. Routing Protocol for Low power and Lossy networks (RPL) is a key routing technology used in IPv6-based low power and lossy networks (LLNs). However, in the networks that are configured, such as small wireless devices applying the IEEE 802.15.4 standards, due to the lack of a system that manages the identity (ID) at the center, the maliciously compromised nodes can make fabricated IDs and pretend to be a legitimate node. This behavior is called Sybil attack, which is very difficult to respond to since attackers use multiple fabricated IDs which are legally disguised. In this paper, Sybil attack countermeasures on RPL-based networks published in recent studies are compared and limitations are analyzed through simulation performance analysis.

Classification problems have been part of numerous real-life applications in fields of security, medicine, agriculture, and more. Due to the wide range of applications, there is a constant need for more accurate and efficient methods. Besides more efficient and better classification algorithms, the optimal feature set is a significant factor for better classification accuracy. In general, more features can better describe instances, but besides showing differences between instances of different classes, it can also capture many similarities that lead to wrong classification. Determining the optimal feature set can be considered a hard optimization problem for which different metaheuristics, like swarm intelligence algorithms can be used. In this paper, we propose an adaptation of hybridized swarm intelligence (SI) algorithm for feature selection problem. To test the quality of the proposed method, classification was done by k-means algorithm and it was tested on 17 benchmark datasets from the UCI repository. The results are compared to similar approaches from the literature where SI algorithms were used for feature selection, which proves the quality of the proposed hybridized SI method. The proposed method achieved better classification accuracy for 16 datasets. Higher classification accuracy was achieved while simultaneously reducing the number of used features.

As a core problem of multi-agent systems, multiagent pathfinding has an important impact on the efficiency of multi-agent systems. Because of this, many novel multi-agent pathfinding methods have been proposed over the years. However, these methods have focused on different agents with different goals for research, and less research has been done on scenarios where different agents have the same goal. We propose a multiagent pathfinding method incorporating a multi-objective gray wolf optimization algorithm to solve the multi-agent pathfinding problem with the same objective. First, constrained optimization modeling is performed to obtain objective functions about agent wholeness and security. Then, the multi-objective gray wolf optimization algorithm is improved for solving the constrained optimization problem and further optimized for scenarios with insufficient computational resources. To verify the effectiveness of the multi-objective gray wolf optimization algorithm, we conduct experiments in a series of simulation environments and compare the improved multi-objective grey wolf optimization algorithm with some classical swarm intelligence optimization algorithms. The results show that the multi-agent pathfinding method incorporating the multi-objective gray wolf optimization algorithm is more efficient in handling multi-agent pathfinding problems with the same objective.

Physical layer security is an emerging security area to tackle wireless security communications issues and complement conventional encryption-based techniques. Thus, we propose a novel scheme based on swarm intelligence optimization technique and a deep neural network (DNN) for maximizing the secrecy energy efficiency (SEE) in a cooperative relaying underlay cognitive radio- and non-orthogonal multiple access (NOMA) system with a non-linear energy harvesting user which is exposed to multiple eavesdroppers. Satisfactorily, simulation results show that the proposed particle swarm optimization (PSO)-DNN framework achieves close performance to that of the optimal solutions, with a meaningful reduction in computation complexity.

Food supply chain is a complex but necessary food production arrangement needed by the global community to maintain sustainability and food security. For the past few years, entities being a part of the food processing system have usually taken food supply chain for granted, they forget that just one disturbance in the chain can lead to poisoning, scarcity, or increased prices. This continually affects the vulnerable among society, including impoverished individuals and small restaurants/grocers. The food supply chain has been expanded across the globe involving many more entities, making the supply chain longer and more problematic making the traditional logistics pattern unable to match the expectations of customers. Food supply chains involve many challenges like lack of traceability and communication, supply of fraudulent food products and failure in monitoring warehouses. Therefore there is a need for a system that ensures authentic information about the product, a reliable trading mechanism. In this paper, we have proposed a comprehensive solution to make the supply chain consumer centric by using Blockchain. Blockchain technology in the food industry applies in a mindful and holistic manner to verify and certify the quality of food products by presenting authentic information about the products from the initial stages. The problem formulation, simulation and performance analysis are also discussed in this research work.

Modern software development frequently uses third-party packages, raising the concern of supply chain security attacks. Many attackers target popular package managers, like npm, and their users with supply chain attacks. In 2021 there was a 650% year-on-year growth in security attacks by exploiting Open Source Software's supply chain. Proactive approaches are needed to predict package vulnerability to high-risk supply chain attacks. The goal of this work is to help software developers and security specialists in measuring npm supply chain weak link signals to prevent future supply chain attacks by empirically studying npm package metadata.

In this paper, we analyzed the metadata of 1.63 million JavaScript npm packages. We propose six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers. One of our case studies identified 11 malicious packages from the install scripts signal. We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the npm accounts. We obtained feedback on our weak link signals through a survey responded to by 470 npm package developers. The majority of the developers supported three out of our six proposed weak link signals. The developers also indicated that they would want to be notified about weak links signals before using third-party packages. Additionally, we discussed eight new signals suggested by package developers.

Data leakage by employees is a matter of concern for companies and organizations today. Previous studies have shown that existing Data Leakage Protection (DLP) systems on the market, the more secure they are, the more intrusive and tedious they are to work with. This paper proposes and assesses the implementation of four technologies that enable the development of secure file systems for insider threat-focused, low-intrusive and user-transparent DLP tools. Two of these technologies are configurable features of the Windows operating system (Minifilters and Server Message Block), the other two are virtual file systems (VFS) Dokan and WinFsp, which mirror the real file system (RFS) allowing it to incorporate security techniques. In the assessment of the technologies, it was found that the implementation of VFS was very efficient and simple. WinFsp and Dokan presented a performance of 51% and 20% respectively, with respect to the performance of the operations in the RFS. This result may seem relatively low, but it should be taken into account that the calculation includes read and write encryption and decryption operations as appropriate for each prototype. Server Message Block (SMB) presented a low performance (3%) so it is not considered viable for a solution like this, while Minifilters present the best performance but require high programming knowledge for its evolution. The prototype presented in this paper and its strategy provides an acceptable level of comfort for the user, and a high level of security.

We performed a large-scale online survey (n=1,880) to study the padlock icon, an established security indicator in web browsers that denotes connection security through HTTPS. In this paper, we evaluate users’ understanding of the padlock icon, and how removing or replacing it might influence their expectations and decisions. We found that the majority of respondents (89%) had misconceptions about the padlock’s meaning. While only a minority (23%-44%) referred to the padlock icon at all when asked to evaluate trustworthiness, these padlock-aware users reported that they would be deterred from a hypothetical shopping transaction when the padlock icon was absent. These users were reassured after seeing secondary UI surfaces (i.e., Chrome Page Info) where more verbose information about connection security was present.We conclude that the padlock icon, displayed by browsers in the address bar, is still misunderstood by many users. The padlock icon guarantees connection security, but is often perceived to indicate the general privacy, security, and trustworthiness of a website. We argue that communicating connection security precisely and clearly is likely to be more effective through secondary UI, where there is more surface area for content. We hope that this paper boosts the discussion about the benefits and drawbacks of showing passive security indicators in the browser UI.

Recently, Ning et al. proposed the “CryptCloud$^\textrm+\$$: Secure and Expressive Data Access Control for Cloud Storage” in IEEE Transaction on Services Computing. This work provided two versatile ciphertext-policy attribute-based encryption (CP-ABE) schemes to achieve flexible access control on encrypted data, namely ATER-CP-ABE and ATIR-CP-ABE, both of which have attractive advantages, such as white-box malicious user traceability, semi-honest authority accountability, public auditing and user revocation. However, we find a bug of access control in both schemes, i.e., a non-revoked user with attribute set \$S\$ can decrypt the ciphertext \$ct\$ encrypted under any access policy \$(A,\textbackslashrho )\$, regardless of whether \$S\$ satisfies \$(A,\textbackslashrho )\$ or not. This paper carefully analyzes the bug, and makes an improvement on Ning's pioneering work, so as to fix it.

Recent advancements in Deep Neural Networks (DNNs) have enabled widespread deployment in multiple security-sensitive domains. The need for resource-intensive training and the use of valuable domain-specific training data have made these models the top intellectual property (IP) for model owners. One of the major threats to DNN privacy is model extraction attacks where adversaries attempt to steal sensitive information in DNN models. In this work, we propose an advanced model extraction framework DeepSteal that steals DNN weights remotely for the first time with the aid of a memory side-channel attack. Our proposed DeepSteal comprises two key stages. Firstly, we develop a new weight bit information extraction method, called HammerLeak, through adopting the rowhammer-based fault technique as the information leakage vector. HammerLeak leverages several novel system-level techniques tailored for DNN applications to enable fast and efficient weight stealing. Secondly, we propose a novel substitute model training algorithm with Mean Clustering weight penalty, which leverages the partial leaked bit information effectively and generates a substitute prototype of the target victim model. We evaluate the proposed model extraction framework on three popular image datasets (e.g., CIFAR-10/100/GTSRB) and four DNN architectures (e.g., ResNet-18/34/Wide-ResNetNGG-11). The extracted substitute model has successfully achieved more than 90% test accuracy on deep residual networks for the CIFAR-10 dataset. Moreover, our extracted substitute model could also generate effective adversarial input samples to fool the victim model. Notably, it achieves similar performance (i.e., 1-2% test accuracy under attack) as white-box adversarial input attack (e.g., PGD/Trades).

When we setup a computer network, we need to know if an attacker can get into the system. We need to do a series of test that shows the vulnerabilities of the network setup. These series of tests are commonly known Penetration Test. The need for penetration testing was not well known before. This paper highlights how penetration started and how it became as popular as it has today. The internet played a big part into the push to getting the idea of penetration testing started. The styles of penetration testing can vary from physical to network or virtual based testing which either can be a benefit to how a company becomes more secure. This paper presents the steps of penetration testing that a company or organization needs to carry out, to find out their own security flaws.

To achieve secure uplink communication from smartphones’ screen to a telephoto camera at a long distance of 3.5 meters, we demonstrate that low-luminance space division multiplexing screen is effective in enhancement of the physical layer security. First, a numerical model shows that the spatial inter-symbol interference caused by space division multiplexing prevents eavesdropping from a wide angle by the camera. Second, wide-angle characteristics of the symbol error rate and the pixel value distribution are measured to verify the numerical analysis. We experimentally evaluate the difference in the performances from a wide angle depending on the screen luminance and color. We also evaluate the performances at a long distance in front of the screen and a short distance from a wider angle.

In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.

Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.

Vehicular Ad-hoc Networks (VANETs) is a very fast emerging research area these days due to their contribution in designing Intelligent transportation systems (ITS). ITS is a well-organized group of wireless networks. It is a derived class of Mobile Ad-hoc Networks (MANETs). VANET is an instant-formed ad-hoc network, due to the mobility of vehicles on the road. The goal of using ITS is to enhance road safety, driving comfort, and traffic effectiveness by alerting the drivers at right time about upcoming dangerous situations, traffic jams, road diverted, weather conditions, real-time news, and entertainment. We can consider Vehicular communication as an enabler for future driverless cars. For these all above applications, it is necessary to make a threat-free environment to establish secure, fast, and efficient communication in VANETs. In this paper, we had discussed the overviews, characteristics, securities, applications, and various data dissemination techniques in VANET.

Machine Learning (ML) models are now commonly used as components in systems. As any other component, ML components can produce erroneous outputs that may penalize system utility. In this context, self-adaptive systems emerge as a natural approach to cope with ML mispredictions, through the execution of adaptation tactics such as model retraining. To synthesize an adaptation strategy, the self-adaptation manager needs to reason about the cost-benefit tradeoffs of the applicable tactics, which is a non-trivial task for tactics such as model retraining, whose benefits are both context- and data-dependent.To address this challenge, this paper proposes a probabilistic modeling framework that supports automated reasoning about the cost/benefit tradeoffs associated with improving ML components of ML-based systems. The key idea of the proposed approach is to decouple the problems of (i) estimating the expected performance improvement after retrain and (ii) estimating the impact of ML improved predictions on overall system utility.We demonstrate the application of the proposed framework by using it to self-adapt a state-of-the-art ML-based fraud-detection system, which we evaluate using a publicly-available, real fraud detection dataset. We show that by predicting system utility stemming from retraining a ML component, the probabilistic model checker can generate adaptation strategies that are significantly closer to the optimal, as compared against baselines such as periodic retraining, or reactive retraining.

Distributed computation and AI processing at the edge has been identified as an efficient solution to deliver real-time IoT services and applications compared to cloud-based paradigms. These solutions are expected to support the delay-sensitive IoT applications, autonomic decision making, and smart service creation at the edge in comparison to traditional IoT solutions. However, existing solutions have limitations concerning distributed and simultaneous resource management for AI computation and data processing at the edge; concurrent and real-time application execution; and platform-independent deployment. Hence, first, we propose a novel three-layer architecture that facilitates the above service requirements. Then we have developed a novel platform and relevant modules with integrated AI processing and edge computer paradigms considering issues related to scalability, heterogeneity, security, and interoperability of IoT services. Further, each component is designed to handle the control signals, data flows, microservice orchestration, and resource composition to match with the IoT application requirements. Finally, the effectiveness of the proposed platform is tested and have been verified.

Resilience and antifragility under duress present significant challenges for autonomic and self-adaptive systems operating in contested environments. In such settings, the system has to continually plan ahead, accounting for either an adversary or an environment that may negate its actions or degrade its capabilities. This will involve projecting future states, as well as assessing recovery options, counter-measures, and progress towards system goals. For antifragile systems to be effective, we envision three self-* properties to be of key importance: self-exploration, self-learning and self-training. Systems should be able to efficiently self-explore – using adversarial search – the potential impact of the adversary’s attacks and compute the most resilient responses. The exploration can be assisted by prior knowledge of the adversary’s capabilities and attack strategies, which can be self-learned – using opponent modelling – from previous attacks and interactions. The system can self-train – using reinforcement learning – such that it evolves and improves itself as a result of being attacked. This paper discusses those visions and outlines their realisation in AWaRE, a cyber-resilient and self-adaptive multi-agent system.

Cyber Physical Systems (CPS), which contain devices to aid with physical infrastructure activities, comprise sensors, actuators, control units, and physical objects. CPS sends messages to physical devices to carry out computational operations. CPS mainly deals with the interplay among cyber and physical environments. The real-time network data acquired and collected in physical space is stored there, and the connection becomes sophisticated. CPS incorporates cyber and physical technologies at all phases. Cyber Physical Systems are a crucial component of Internet of Things (IoT) technology. The CPS is a traditional concept that brings together the physical and digital worlds inhabit. Nevertheless, CPS has several difficulties that are likely to jeopardise our lives immediately, while the CPS's numerous levels are all tied to an immediate threat, therefore necessitating a look at CPS security. Due to the inclusion of IoT devices in a wide variety of applications, the security and privacy of users are key considerations. The rising level of cyber threats has left current security and privacy procedures insufficient. As a result, hackers can treat every person on the Internet as a product. Deep Learning (DL) methods are therefore utilised to provide accurate outputs from big complex databases where the outputs generated can be used to forecast and discover vulnerabilities in IoT systems that handles medical data. Cyber-physical systems need anomaly detection to be secure. However, the rising sophistication of CPSs and more complex attacks means that typical anomaly detection approaches are unsuitable for addressing these difficulties since they are simply overwhelmed by the volume of data and the necessity for domain-specific knowledge. The various attacks like DoS, DDoS need to be avoided that impact the network performance. In this paper, an effective Network Cluster Reliability Model with enhanced security and privacy levels for the data in IoT for Anomaly Detection (NSRM-AD) using deep learning model is proposed. The security levels of the proposed model are contrasted with the proposed model and the results represent that the proposed model performance is accurate

Machine learning (ML) has been applied in prognostics and health management (PHM) to monitor and predict the health of industrial machinery. The use of PHM in production systems creates a cyber-physical, omni-layer system. While ML offers statistical improvements over previous methods, and brings statistical models to bear on new systems and PHM tasks, it is susceptible to performance degradation when the behavior of the systems that ML is receiving its inputs from changes. Natural changes such as physical wear and engineered changes such as maintenance and rebuild procedures are catalysts for performance degradation, and are both inherent to production systems. Drawing from data on the impact of maintenance procedures on ML performance in hydraulic actuators, this paper presents a simulation study that investigates how long it takes for ML performance degradation to create a difference in the throughput of serial production system. In particular, this investigation considers the performance of an ML model learned on data collected before a rebuild procedure is conducted on a hydraulic actuator and an ML model transfer learned on data collected after the rebuild procedure. Transfer learning is able to mitigate performance degradation, but there is still a significant impact on throughput. The conclusion is drawn that ML faults can have drastic, non-linear effects on the throughput of production systems.

In today's society, with the continuous development of artificial intelligence, artificial intelligence technology plays an increasingly important role in social and economic development, and hass become the fastest growing, most widely used and most influential high-tech in the world today one. However, at the same time, information technology has also brought threats to network security to the entire network world, which makes information systems also face huge and severe challenges, which will affect the stability and development of society to a certain extent. Therefore, comprehensive analysis and research on information system security is a very necessary and urgent task. Through the security assessment of the information system, we can discover the key hidden dangers and loopholes that are hidden in the information source or potentially threaten user data and confidential files, so as to effectively prevent these risks from occurring and provide effective solutions; at the same time To a certain extent, prevent virus invasion, malicious program attacks and network hackers' intrusive behaviors. This article adopts the experimental analysis method to explore how to apply the most practical, advanced and efficient artificial intelligence theory to the information system security assessment management, so as to further realize the optimal design of the information system security assessment management system, which will protect our country the information security has very important meaning and practical value. According to the research results, the function of the experimental test system is complete and available, and the security is good, which can meet the requirements of multi-user operation for security evaluation of the information system.

From the perspective of time domain, the propagation characteristics of sound waves in seawater can be seen more intuitively. In order to study the influence and characteristics of seamount on low frequency acoustic propagation, the research of this paper used the Finite Element Method (FEM) based on time domain to set up a full-waveguide low-frequency acoustic propagation simulation model, and discussed the influencing laws about acoustic propagation on seamount. The simulation results show that Seamounts can hinder the propagation of sound waves, weaken the energy of sound waves. The topographic changes of seamounts can cause the coupling and transformation of acoustic signals during the propagation which can stimulate the seabed interface wave.

Solidly mounted resonators (SMRs) built on dielectric acoustic reflectors can save several fabrication steps as well as avoid undesired parasitic effects when exciting extended electrodes via capacitive coupling. In this work we manufacture and measure the frequency response of AlN-based SMRs built on 7-layer ZnO/SiO2 acoustic reflectors with SiO2 working as low impedance material and ZnO as high impedance material. After applying a 700°C treatment, their frequency response is measured again and compared with the pre-treatment measurements.

Expanding techniques for chip-scale acoustic wave focusing would open doors for advancements in signal processing and quantum electromechanical microsystems. In this paper, we present a method for acoustic wave focusing and wavefront shaping at radio frequencies (RF), validated with thin-film lithium niobite on a low-loss and high coupling silicon carbide (LiNbO3-on-SiC) testbed. By depositing a metal layer, we can mitigate the piezoelectric stiffening effect, and reduce the acoustic wave speed in a patterned area. Employing a design analogous to geometric optical systems, efficient acoustic wave focusing is experimentally observed. With more development, this technique could be employed in emerging acoustic microsystems.