Biblio

2023-05-19
Gombos, Gergő, Mouw, Maurice, Laki, Sándor, Papagianni, Chrysa, De Schepper, Koen.  2022.  Active Queue Management on the Tofino programmable switch: The (Dual)PI2 case. ICC 2022 - IEEE International Conference on Communications. :1685–1691.
The excess buffering of packets in network elements, also referred to as bufferbloat, results in high latency. Considering the requirements of traffic generated by video conferencing systems like Zoom, cloud rendered gaming platforms like Google Stadia, or even video streaming services such as Netflix, Amazon Prime and YouTube, timeliness of such traffic is important. Ensuring low latency to IP flows with a high throughput calls for the application of Active Queue Management (AQM) schemes. This introduces yet another problem as the co-existence of scalable and classic congestion controls leads to the starvation of classic TCP flows. Technologies such as Low Latency Low Loss Scalable Throughput (L4S) and the corresponding dual queue coupled AQM, DualPI2, provide a robust solution to these problems. However, their deployment on hardware targets such as programmable switches is quite challenging due to the complexity of algorithms and architectural constraints of switching ASICs. In this study, we provide proof of concept implementations of two AQMs that enable the co-existence of scalable and traditional TCP traffic, namely DualPI2 and the preceding single-queue PI2 AQM, on an Intel Tofino switching ASIC. Given the fixed operation of the switch’s traffic manager, we investigate to what extent it is possible to implement a fully RFC-compliant version of the two AQMs on the Tofino ASIC. The study shows that an appropriate split between control and data plane operations is required while we also exploit fixed functionality of the traffic manager to support such solutions.
Iv, James K. Howes, Georgiou, Marios, Malozemoff, Alex J., Shrimpton, Thomas.  2022.  Security Foundations for Application-Based Covert Communication Channels. 2022 IEEE Symposium on Security and Privacy (SP). :1971–1986.
We introduce the notion of an application-based covert channel—or ABCC—which provides a formal syntax for describing covert channels that tunnel messages through existing protocols. Our syntax captures many recent systems, including DeltaShaper (PETS 2017) and Protozoa (CCS 2020). We also define what it means for an ABCC to be secure against a passive eavesdropper, and prove that suitable abstractions of existing censorship circumvention systems satisfy our security notion. In doing so, we define a number of important non-cryptographic security assumptions that are often made implicitly in prior work. We believe our formalisms may be useful to censorship circumvention developers for reasoning about the security of their systems and the associated security assumptions required.
Wang, Jichang, Zhang, Liancheng, Li, Zehua, Guo, Yi, Cheng, Lanxin, Du, Wenwen.  2022.  CC-Guard: An IPv6 Covert Channel Detection Method Based on Field Matching. 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). :1416–1421.
As the IPv6 protocol has been rapidly developed and applied, the security of IPv6 networks has become the focus of academic and industrial attention. Despite the fact that the IPv6 protocol is designed with security in mind, due to insufficient defense measures of current firewalls and intrusion detection systems for IPv6 networks, the construction of covert channels using fields not defined or reserved in IPv6 protocols may compromise the information systems. By discussing the possibility of constructing storage covert channels within IPv6 protocol fields, 10 types of IPv6 covert channels are constructed with undefined and reserved fields, including the flow label field, the traffic class field of IPv6 header, the reserved fields of IPv6 extension headers and the code field of ICMPv6 header. An IPv6 covert channel detection method based on field matching (CC-Guard) is proposed, and a typical IPv6 network environment is built for testing. In comparison with existing detection tools, the experimental results show that the CC-Guard not only can detect more covert channels consisting of IPv6 extension headers and ICMPv6 headers, but also achieves real-time detection with a lower detection overhead.
Guo, Yihao, Guo, Chuangxin, Yang, Jie.  2022.  A Resource Allocation Method for Attacks on Power Systems Under Extreme Weather. 2022 IEEE/IAS Industrial and Commercial Power System Asia (I&CPS Asia). :165–169.
This paper addresses the allocation method of offensive resources for man-made attacks on power systems considering extreme weather conditions, which can help the defender identify the most vulnerable components to protect in this adverse situation. The problem is formulated as an attacker-defender model. The attacker at the upper level intends to maximize the expected damage considering all possible line failure scenarios. These scenarios are characterized by the combinations of failed transmission lines under extreme weather. Once the disruption is detected, the defender at the lower level alters the generation and consumption in the power grid using DC optimal power flow technique to minimize the damage. Then the original bi-level problem is transformed into an equivalent single-level mixed-integer linear program through strong duality theorem and Big-M method. The proposed attack resource allocation method is applied on IEEE 39-bus system and its effectiveness is demonstrated by the comparative case studies.
Gao, Xiao.  2022.  Sliding Mode Control Based on Disturbance Observer for Cyber-Physical Systems Security. 2022 4th International Conference on Control and Robotics (ICCR). :275–279.
In this paper, a sliding mode control (SMC) based on nonlinear disturbance observer and intermittent control is proposed to maximize the security of cyber-physical systems (CPSs), aiming at the cyber-attacks and physical uncertainties of cyber-physical systems. In the CPSs, the transmission of information data and control signals to the remote end through the network may lead to cyber attacks, and there will be uncertainties in the physical system. Therefore, this paper establishes a CPSs model that includes network attacks and physical uncertainties. Secondly, according to the analysis of the mathematical model, an adaptive SMC based on disturbance observer and intermittent control is designed to keep the CPSs stable in the presence of network attacks and physical uncertainties. In this strategy, the adaptive strategy suppresses the controller The chattering of the output. Intermittent control breaks the limitations of traditional continuous control to ensure efficient use of resources. Finally, to prove the control performance of the controller, numerical simulation results are given.
G, Amritha, Kh, Vishakh, C, Jishnu Shankar V, Nair, Manjula G.  2022.  Autoencoder Based FDI Attack Detection Scheme For Smart Grid Stability. 2022 IEEE 19th India Council International Conference (INDICON). :1–5.
One of the major concerns in the real-time monitoring systems in a smart grid is the Cyber security threat. The false data injection attack is emerging as a major form of attack in Cyber-Physical Systems (CPS). A False data Injection Attack (FDIA) can lead to severe issues like insufficient generation, physical damage to the grid, power flow imbalance as well as economical loss. The recent advancements in machine learning algorithms have helped solve the drawbacks of using classical detection techniques for such attacks. In this article, we propose to use Autoencoders (AE’s) as a novel Machine Learning approach to detect FDI attacks without any major modifications. The performance of the method is validated through the analysis of the simulation results. The algorithm achieves optimal accuracy owing to the unsupervised nature of the algorithm.
Wu, Jingyi, Guo, Jinkang, Lv, Zhihan.  2022.  Deep Learning Driven Security in Digital Twins of Drone Network. ICC 2022 - IEEE International Conference on Communications. :1–6.
This study aims to explore the security issues and computational intelligence of drone information system based on deep learning. Targeting at the security issues of the drone system when it is attacked, this study adopts the improved long short-term memory (LSTM) network to analyze the cyber physical system (CPS) data for prediction from the perspective of predicting the control signal data of the system before the attack occurs. At the same time, the differential privacy frequent subgraph (DPFS) is introduced to keep data privacy confidential, and the digital twins technology is used to map the operating environment of the drone in the physical space, and an attack prediction model for drone digital twins CPS is constructed based on differential privacy-improved LSTM. Finally, the Tennessee Eastman (TE) process is undertaken as a simulation platform to simulate the constructed model so as to verify its performance. In addition, the proposed model is compared with the Bidirectional LSTM (BiLSTM) and Attention-BiLSTM models proposed by other scholars. It was found that the root mean square error (RMSE) of the proposed model is the smallest (0.20) when the number of hidden layer nodes is 26. Comparison with the actual flow value shows that the proposed algorithm is more accurate with better fitting. Therefore, the constructed drone attack prediction model can achieve higher prediction accuracy and obviously better robustness under the premise of ensuring errors, which can provide experimental basis for the later security and intelligent development of drone system.
Neema, Himanshu, Roth, Thomas, Wang, Chenli, Guo, Wenqi Wendy, Bhattacharjee, Anirban.  2022.  Integrating Multiple HLA Federations for Effective Simulation-Based Evaluations of CPS. 2022 IEEE Workshop on Design Automation for CPS and IoT (DESTION). :19–26.
Cyber-Physical Systems (CPS) are complex systems of computational, physical, and human components integrated to achieve some function over one or more networks. The use of distributed simulation, or co-simulation, is one method often used to analyze the behavior and properties of these systems. High-Level Architecture (HLA) is an IEEE co-simulation standard that supports the development and orchestration of distributed simulations. However, a simple HLA federation constructed with the component simulations (i.e., federates) does not satisfy several requirements that arise in real-world use cases such as the shared use of limited physical and computational resources, the need to selectively hide information from participating federates, the creation of reusable federates and federations for supporting configurable shared services, achieving performant distributed simulations, organizing federations across different model types or application concerns, and coordinating federations across organizations with different information technology policies. This paper describes these core requirements that necessitate the use of multiple HLA federations and presents various mechanisms for constructing such integrated HLA federations. An example use case is implemented using a model-based rapid simulation integration framework called the Universal CPS Environment for Federation (UCEF) to illustrate these requirements and demonstrate techniques for integrating multiple HLA federations.
Yarava, Rokesh Kumar, Rao, G.Rama Chandra, Garapati, Yugandhar, Babu, G.Charles, Prasad, Srisailapu D Vara.  2022.  Analysis on the Development of Cloud Security using Privacy Attribute Data Sharing. 2022 First International Conference on Electrical, Electronics, Information and Communication Technologies (ICEEICT). :1–5.
The data sharing is a helpful and financial assistance provided by CC. Information substance security also rises out of it since the information is moved to some cloud workers. To ensure the sensitive and important data; different procedures are utilized to improve access manage on collective information. Here strategies, Cipher text-policy attribute based encryption (CP-ABE) might create it very helpful and safe. The conventional CP-ABE concentrates on information privacy only; whereas client's personal security protection is a significant problem as of now. CP-ABE by hidden access (HA) strategy makes sure information privacy and ensures that client's protection isn't exposed also. Nevertheless, the vast majority of the current plans are ineffective in correspondence overhead and calculation cost. In addition, the vast majority of this mechanism takes no thought regarding ability authentication or issue of security spill escape in ability verification stage. To handle the issues referenced over, a security protects CP-ABE method by proficient influence authentication is presented in this manuscript. Furthermore, its privacy keys accomplish consistent size. In the meantime, the suggested plan accomplishes the specific safety in decisional n-BDHE issue and decisional direct presumption. The computational outcomes affirm the benefits of introduced method.
2023-05-12
Harisa, Ardiawan Bagus, Trinanda, Rahmat, Candra, Oki, Haryanto, Hanny, Gamayanto, Indra, Setiawan, Budi Agus.  2022.  Time-based Performance Improvement for Early Detection of Conflict Potentials at the Central Java Regional Police Department. 2022 International Seminar on Application for Technology of Information and Communication (iSemantic). :210–216.

Early detection of conflict potentials around the community is vital for the Central Java Regional Police Department, especially in the Analyst section of the Directorate of Security Intelligence. Performance in carrying out early detection will affect the peace and security of the community. The performance of potential conflict detection activities can be improved using an integrated early detection information system by shortening the time after observation, report preparation, information processing, and analysis. Developed using Unified Process as a software life cycle, the obtained result shows the time-based performance variables of the officers are significantly improved, including observation time, report production, data finding, and document formatting.

Zhang, Tong, Cui, Xiangjie, Wang, Yichuan, Du, Yanning, Gao, Wen.  2022.  TCS Security Analysis in Intel SGX Enclave MultiThreading. 2022 International Conference on Networking and Network Applications (NaNA). :276–281.

With the rapid development of Internet Technology in recent years, the demand for security support for complex applications is becoming stronger and stronger. Intel Software Guard Extensions (Intel SGX) is created as an extension of Intel Systems to enhance software security. Intel SGX allows application developers to create so-called enclave. Sensitive application code and data are encapsulated in Trusted Execution Environment (TEE) by enclave. TEE is completely isolated from other applications, operating systems, and administrative programs. Enclave is the core structure of Intel SGX Technology. Enclave supports multi-threading. Thread Control Structure (TCS) stores special information for restoring enclave threads when entering or exiting enclave. Each execution thread in enclave is associated with a TCS. This paper analyzes and verifies the possible security risks of enclave under concurrent conditions. It is found that in the case of multithread concurrency, a single enclave cannot resist flooding attacks, and related threads also throw TCS exception codes.

Liu, Pan, Tang, Zhangchun, Gao, Qiang, Xiong, Wenbin.  2022.  Physical Design of Local-volume Ignition for Inertial Confinement Fusion. 2022 International Conference on Applied Physics and Computing (ICAPC). :94–99.
Inertial Confinement Fusion(ICF) uses the inertia of the substance itself to confine the nest-temperature thermonuclear fuel plasma to achieve thermonuclear fusion and obtain fusion energy. In the design of the local-volume ignition target capsule, the ignition zone and the main combustion zone are separated by heavy medium. The ignition zone is located in the center of the system (the part of the fusion combustion). The mass is small and can be compressed to high density and the overall temperature is raised to the ignition state (local-volume ignition). The temperature increase and density increase of the local volume ignition are relatively decoupled in time. The multi-step enhanced shock wave heats the fuel temperature drop, after which the collision effect accelerates the metal shell layer by layer, and uses the inertia of high-Z metal shell with a larger residual mass to achieve effective compression of the fuel areal after the driving source ends for a long time. Local volume ignition has the advantages of no need to reshape the radiation driving pulse, resistance to the influence of hot electrons, less demanding compression symmetry, and large combustion gain.
Gao, Lin, Battistelli, Giorgio, Chisci, Luigi.  2022.  Resilience of multi-object density fusion against cyber-attacks. 2022 11th International Conference on Control, Automation and Information Sciences (ICCAIS). :7–12.
Recently, it has been proposed to deal with fusion of multi-object densities exploiting the minimum information loss (MIL) rule, which has shown its superiority over generalized covariance intersection (GCI) fusion whenever sensor nodes have low detection probability. On the contrary, GCI shows better performance than MIL when dense clutter is involved in the measurements. In this paper, we are going to study the behavior of multi-object fusion with MIL and, respectively, GCI rules in the situation wherein the sensor network is exposed to cyber-attacks. Both theoretical and numerical analyses demonstrate that MIL is more robust than GCI fusion when the multi-sensor system is subject to a packet substitution attack.
ISSN: 2475-7896
Cavorsi, Matthew, Gil, Stephanie.  2022.  Providing Local Resilience to Vulnerable Areas in Robotic Networks. 2022 International Conference on Robotics and Automation (ICRA). :4929–4935.
We study how information flows through a multi-robot network in order to better understand how to provide resilience to malicious information. While the notion of global resilience is well studied, one way existing methods provide global resilience is by bringing robots closer together to improve the connectivity of the network. However, large changes in network structure can impede the team from performing other functions such as coverage, where the robots need to spread apart. Our goal is to mitigate the trade-off between resilience and network structure preservation by applying resilience locally in areas of the network where it is needed most. We introduce a metric, Influence, to identify vulnerable regions in the network requiring resilience. We design a control law targeting local resilience to the vulnerable areas by improving the connectivity of robots within these areas so that each robot has at least 2F+1 vertex-disjoint communication paths between itself and the high influence robot in the vulnerable area. We demonstrate the performance of our local resilience controller in simulation and in hardware by applying it to a coverage problem and comparing our results with an existing global resilience strategy. For the specific hardware experiments, we show that our control provides local resilience to vulnerable areas in the network while only requiring 9.90% and 15.14% deviations from the desired team formation compared to the global strategy.
Belmouhoub, Amina, Bouzid, Yasser, Medjmadj, Slimane, Derrouaoui, Saddam Hocine, Guiatni, Mohamed.  2022.  Advanced Backstepping Control: Application on a Foldable Quadrotor. 2022 19th International Multi-Conference on Systems, Signals & Devices (SSD). :609–615.
This paper deals with the implementation of robust control, based on the finite time Lyapunov stability theory, to solve the trajectory tracking problem of an unconventional quadrotor with rotating arms (also known as foldable drone). First, the model of this Unmanned Aerial Vehicle (UAV) taking into consideration the variation of the inertia, the Center of Gravity (CoG) and the control matrix is presented. The theoretical foundations of backstepping control enhanced by a Super-Twisting (ST) algorithm are then discussed. Numerical simulations are performed to demonstrate the effectiveness of the proposed control strategy. Finally, a qualitative and quantitative comparative study is made between the proposed controller and the classical backstepping controller. Overall, the results obtained show that the proposed control approach provides better performance in terms of accuracy and resilience.
ISSN: 2474-0446
Song, Yanbo, Gao, Xianming, Li, Pengcheng, Yang, Chungang.  2022.  Resilience Network Controller Design for Multi-Domain SDN: A BDI-based Framework. 2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring). :1–5.
Network attacks are becoming more intense and characterized by complexity and persistence. Mechanisms that ensure network resilience to faults and threats should be well provided. Different approaches have been proposed to network resilience; however, most of them rely on static policies, which is unsuitable for current complex network environments and real-time requirements. To address these issues, we present a Belief-Desire-Intention (BDI) based multi-agent resilience network controller coupled with blockchain. We first clarify the theory and platform of the BDI, then discuss how the BDI evaluates the network resilience. In addition, we present the architecture, workflow, and applications of the resilience network controller. Simulation results show that the resilience network controller can effectively detect and mitigate distributed denial of service attacks.
ISSN: 2577-2465
Germanà, Roberto, Giuseppi, Alessandro, Pietrabissa, Antonio, Di Giorgio, Alessandro.  2022.  Optimal Energy Storage System Placement for Robust Stabilization of Power Systems Against Dynamic Load Altering Attacks. 2022 30th Mediterranean Conference on Control and Automation (MED). :821–828.
This paper presents a study on the "Dynamic Load Altering Attacks" (D-LAAs), their effects on the dynamics of a transmission network, and provides a robust control protection scheme, based on polytopic uncertainties, invariance theory, Lyapunov arguments and graph theory. The proposed algorithm returns an optimal Energy Storage Systems (ESSs) placement, that minimizes the number of ESSs placed in the network, together with the associated control law that can robustly stabilize against D-LAAs. The paper provides a contextualization of the problem and a modelling approach for power networks subject to D-LAAs, suitable for the designed robust control protection scheme. The paper also proposes a reference scenario for the study of the dynamics of the control actions and their effects in different cases. The approach is evaluated by numerical simulations on large networks.
ISSN: 2473-3504
Verma, Kunaal, Girdhar, Mansi, Hafeez, Azeem, Awad, Selim S..  2022.  ECU Identification using Neural Network Classification and Hyperparameter Tuning. 2022 IEEE International Workshop on Information Forensics and Security (WIFS). :1–6.
Intrusion detection for Controller Area Network (CAN) protocol requires modern methods in order to compete with other electrical architectures. Fingerprint Intrusion Detection Systems (IDS) provide a promising new approach to solve this problem. By characterizing network traffic from known ECUs, hazardous messages can be discriminated. In this article, a modified version of Fingerprint IDS is employed utilizing both step response and spectral characterization of network traffic via neural network training. With the addition of feature set reduction and hyperparameter tuning, this method accomplishes a 99.4% detection rate of trusted ECU traffic.
ISSN: 2157-4774
Glocker, Tobias, Mantere, Timo.  2022.  Implementation of an Intelligent Caravan Monitoring System Using the Controller Area Network. 2022 International Conference on Electrical, Computer and Energy Technologies (ICECET). :1–6.
Nowadays, safety systems are an important feature for modern vehicles. Many accidents would have occurred without them. In comparison with older vehicles, modern vehicles have a much better crumple zone, more airbags, a better braking system, as well as a much better and safer driving behaviour. Although the vehicles' safety systems are working well these days, there is still space for improvement and for adding new security features. This paper describes the implementation of an Intelligent Caravan Monitoring System (ICMS) using the Controller Area Network (CAN), for the communication between the vehicle’s electronic system and the trailer’s electronic system. Furthermore, a comparison between the communication technology of this paper and a previously published paper will be made. The new system is faster, more flexible and more energy efficient.
Borg, Markus, Bengtsson, Johan, Österling, Harald, Hagelborn, Alexander, Gagner, Isabella, Tomaszewski, Piotr.  2022.  Quality Assurance of Generative Dialog Models in an Evolving Conversational Agent Used for Swedish Language Practice. 2022 IEEE/ACM 1st International Conference on AI Engineering – Software Engineering for AI (CAIN). :22–32.
Due to the migration megatrend, efficient and effective second-language acquisition is vital. One proposed solution involves AI-enabled conversational agents for person-centered interactive language practice. We present results from ongoing action research targeting quality assurance of proprietary generative dialog models trained for virtual job interviews. The action team elicited a set of 38 requirements for which we designed corresponding automated test cases for 15 of particular interest to the evolving solution. Our results show that six of the test case designs can detect meaningful differences between candidate models. While quality assurance of natural language processing applications is complex, we provide initial steps toward an automated framework for machine learning model selection in the context of an evolving conversational agent. Future work will focus on model selection in an MLOps setting.
Rebolledo-Mendez, Jovan D, Tonatiuh Gomez Briones, Felix A., Gonzalez Cardona, Leslie G.  2022.  Legal Artificial Assistance Agent to Assist Refugees. 2022 IEEE International Conference on Big Data (Big Data). :5126–5128.
Populations move across regions in search of better living possibilities, better life outcomes or going away from problems that affected their lives in the previous region they lived in. In the United States of America, this problem has been happening over decades. Intelligent Conversational Text-based Agents, also called Chatbots, and Artificial Intelligence are increasingly present in our lives and over recent years, their presence has increased considerably, due to the usability cases and the familiarity they are winning constantly. Using NLP algorithms for law in accessible platforms allows scaling of users to access a certain level of law expert who could assist users in need. This paper describes the motivation and circumstances of this problem as well as the description of the development of an Intelligent Conversational Agent system that was used by immigrants in the USA so they could get answers to questions and get suggestions about better legal options they could have access to. This system has helped thousands of people, especially in California
2023-05-11
Zhu, Lei, Huang, He, Gao, Song, Han, Jun, Cai, Chao.  2022.  False Data Injection Attack Detection Method Based on Residual Distribution of State Estimation. 2022 12th International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER). :724–728.
While acquiring precise and intelligent state sensing and control capabilities, the cyber physical power system is constantly exposed to the potential cyber-attack threat. False data injection (FDI) attack attempts to disrupt the normal operation of the power system through the coupling of cyber side and physical side. To deal with the situation that stealthy FDI attack can bypass the bad data detection and thus trigger false commands, a system feature extraction method in state estimation is proposed, and the corresponding FDI attack detection method is presented. Based on the principles of state estimation and stealthy FDI attack, we analyze the impacts of FDI attack on measurement residual. Gaussian fitting method is used to extract the characteristic parameters of residual distribution as the system feature, and attack detection is implemented in a sliding time window by comparison. Simulation results prove that the proposed attack detection method is effective and efficient.
ISSN: 2642-6633
Teo, Jia Wei, Gunawan, Sean, Biswas, Partha P., Mashima, Daisuke.  2022.  Evaluating Synthetic Datasets for Training Machine Learning Models to Detect Malicious Commands. 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :315–321.
Electrical substations in power grid act as the critical interface points for the transmission and distribution networks. Over the years, digital technology has been integrated into the substations for remote control and automation. As a result, substations are more prone to cyber attacks and exposed to digital vulnerabilities. One of the notable cyber attack vectors is the malicious command injection, which can lead to shutting down of substations and subsequently power outages as demonstrated in Ukraine Power Plant Attack in 2015. Prevailing measures based on cyber rules (e.g., firewalls and intrusion detection systems) are often inadequate to detect advanced and stealthy attacks that use legitimate-looking measurements or control messages to cause physical damage. Additionally, defenses that use physics-based approaches (e.g., power flow simulation, state estimation, etc.) to detect malicious commands suffer from high latency. Machine learning serves as a potential solution in detecting command injection attacks with high accuracy and low latency. However, sufficient datasets are not readily available to train and evaluate the machine learning models. In this paper, focusing on this particular challenge, we discuss various approaches for the generation of synthetic data that can be used to train the machine learning models. Further, we evaluate the models trained with the synthetic data against attack datasets that simulate malicious command injections with different levels of sophistication. Our findings show that synthetic data generated with some level of power grid domain knowledge helps train robust machine learning models against different types of attacks.
2023-04-28
Gao, Hongbin, Wang, Shangxing, Zhang, Hongbin, Liu, Bin, Zhao, Dongmei, Liu, Zhen.  2022.  Network Security Situation Assessment Method Based on Absorbing Markov Chain. 2022 International Conference on Networking and Network Applications (NaNA). :556–561.
This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refines issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.
Ghazal, Taher M., Hasan, Mohammad Kamrul, Zitar, Raed Abu, Al-Dmour, Nidal A., Al-Sit, Waleed T., Islam, Shayla.  2022.  Cybers Security Analysis and Measurement Tools Using Machine Learning Approach. 2022 1st International Conference on AI in Cybersecurity (ICAIC). :1–4.
Artificial intelligence (AI) and machine learning (ML) have been used in transforming our environment and the way people think, behave, and make decisions during the last few decades [1]. In the last two decades everyone connected to the Internet either an enterprise or individuals has become concerned about the security of his/their computational resources. Cybersecurity is responsible for protecting hardware and software resources from cyber attacks e.g. viruses, malware, intrusion, eavesdropping. Cyber attacks either come from black hackers or cyber warfare units. Artificial intelligence (AI) and machine learning (ML) have played an important role in developing efficient cyber security tools. This paper presents Latest Cyber Security Tools Based on Machine Learning which are: Windows defender ATP, DarckTrace, Cisco Network Analytic, IBM QRader, StringSifter, Sophos intercept X, SIME, NPL, and Symantec Targeted Attack Analytic.