Biblio

Estimation for obesity levels is always an important topic in medical field since it can provide useful guidance for people that would like to lose weight or keep fit. The article tries to find a model that can predict obesity and provides people with the information of how to avoid overweight. To be more specific, this article applied dimension reduction to the data set to simplify the data and tried to Figure out a most decisive feature of obesity through Principal Component Analysis (PCA) based on the data set. The article also used some machine learning methods like Support Vector Machine (SVM), Decision Tree to do prediction of obesity and wanted to find the major reason of obesity. In addition, the article uses Artificial Neural Network (ANN) to do prediction which has more powerful feature extraction ability to do this. Finally, the article found that family history of obesity is the most decisive feature, and it may because of obesity may be greatly affected by genes or the family eating diet may have great influence. And both ANN and Decision tree’s accuracy of prediction is higher than 90%.

With the development of technology, mobile phones are an indispensable part of human life. Factors such as brand, internal memory, wifi, battery power, camera and availability of 4G are now modifying consumers' decisions on buying mobile phones. But people fail to link those factors with the price of mobile phones; in this case, this paper is aimed to figure out the problem by using machine learning algorithms like Support Vector Machine, Decision Tree, K Nearest Neighbors and Naive Bayes to train the mobile phone dataset before making predictions of the price level. We used appropriate algorithms to predict smartphone prices based on accuracy, precision, recall and F1 score. This not only helps customers have a better choice on the mobile phone but also gives advice to businesses selling mobile phones that the way to set reasonable prices with the different features they offer. This idea of predicting prices level will give support to customers to choose mobile phones wisely in the future. The result illustrates that among the 4 classifiers, SVM returns to the most desirable performance with 94.8% of accuracy, 97.3 of F1 score (without feature selection) and 95.5% of accuracy, 97.7% of F1 score (with feature selection).

Android malware is continuously evolving at an alarming rate due to the growing vulnerabilities. This demands more effective malware detection methods. This paper presents DynaMalDroid, a dynamic analysis-based framework to detect malicious applications in the Android platform. The proposed framework contains three modules: dynamic analysis, feature engineering, and detection. We utilized the well-known CICMalDroid2020 dataset, and the system calls of apps are extracted through dynamic analysis. We trained our proposed model to recognize malware by selecting features obtained through the feature engineering module. Further, with these selected features, the detection module applies different Machine Learning classifiers like Random Forest, Decision Tree, Logistic Regression, Support Vector Machine, Naïve-Bayes, K-Nearest Neighbour, and AdaBoost, to recognize whether an application is malicious or not. The experiments have shown that several classifiers have demonstrated excellent performance and have an accuracy of up to 99%. The models with Support Vector Machine and AdaBoost classifiers have provided better detection accuracy of 99.3% and 99.5%, respectively.

With the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFG-Explainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based mal-ware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models.

With the dramatic increase in malicious software, the sophistication and innovation of malware have increased over the years. In particular, the dynamic analysis based on the deep neural network has shown high accuracy in malware detection. However, most of the existing methods only employ the raw API sequence feature, which cannot accurately reflect the actual behavior of malicious programs in detail. The relationship between API calls is critical for detecting suspicious behavior. Therefore, this paper proposes a malware detection method based on the graph neural network. We first connect the API sequences executed by different processes to build a directed process graph. Then, we apply Bert to encode the API sequences of each process into node embedding, which facilitates the semantic execution information inside the processes. Finally, we employ GCN to mine the deep semantic information based on the directed process graph and node embedding. In addition to presenting the design, we have implemented and evaluated our method on 10,000 malware and 10,000 benign software datasets. The results show that the precision and recall of our detection model reach 97.84% and 97.83%, verifying the effectiveness of our proposed method.

Most IoT malware is variants generated by editing and reusing parts of the functions based on publicly available source codes. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FSCG. The specimens with the signature-FSCG are expected to have the corresponding functionality. However, this method cannot detect the specimens with a slightly different subgraph from the signature-FSCG. This paper found that these specimens were supposed to have the same functionality for a signature-FSCG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.

With the rapid growth of the number of global network entities and interconnections, the security risks of network relationships are constantly accumulating. As the basis of network interconnection and communication, Internet routing is facing severe challenges such as insufficient online monitoring capability of large-scale routing events and lack of effective and credible verification mechanism. Major global routing security events emerge one after another, causing extensive and far-reaching impacts. To solve these problems, China Telecom studied the BGP (border gateway protocol) SDN (software defined network) controller technology to monitor the interconnection routing, constructed the global routing information database trust source integrating multi-dimensional information and developed the function of the protocol level based real-time monitoring system of Internet routing security events. Through these means, it realizes the second-level online monitoring capability of large-scale IP network Internet service routing events, forms the minute-level route leakage interception and route hijacking blocking solutions, and achieves intelligent protection capability of Internet routing security.

The analysis shows how important Power Network Measuring and Characterization (PSMC) is to the plan. Networks planning and oversight for the transmission of electrical energy is becoming increasingly frequent. In reaction to the current contest of assimilating trying to cut charging in the crate, estimation, information sharing, but rather govern into PSMC reasonable quantities, Electrical Transmit Monitoring and Management provides a thorough outline of founding principles together with smart sensors for domestic spying, security precautions, and control of developed broadening power systems.Electricity supply control must depend increasingly heavily on telecommunications infrastructure to manage and run their processes because of the fluctuation in transmission and distribution of electricity. A wider attack surface will also be available to threat hackers as a result of the more communications. Large-scale blackout have occurred in the past as a consequence of cyberattacks on electrical networks. In order to pinpoint the key issues influencing power grid computer networks, we looked at the network infrastructure supporting electricity grids in this research.

With the advent of the Internet era, all walks of life in our country have undergone earth-shaking changes, especially the drone and geographic information industries, which have developed rapidly under the impetus of the Internet of Things era. However, with the continuous development of science and technology, the network structure has become more and more complex, and the types of network attacks have varied. UAV information security and geographic information data have appeared security risks on the network. These hidden dangers have contributed to the progress of the drone and geographic information industry. And development has caused a great negative impact. In this regard, this article will conduct research on the network security of UAV systems and geographic information data, which can effectively assess the network security risks of UAV systems, and propose several solutions to potential safety hazards to reduce UAV networks. Security risks and losses provide a reference for UAV system data security.

Nowadays, smart cities (SCs) use technologies and different types of data collected to improve the lifestyles of their citizens. Indeed, connected smart vehicles are technologies used for an SC’s intelligent traffic monitoring systems (ITMSs). However, most proposed monitoring approaches do not consider realtime monitoring. This paper presents real-time data processing for an intelligent traffic monitoring dashboard using the Hadoop ecosystem dashboard components. Many data are available due to our proposed monitoring approach, such as the total number of vehicles on different routes and data on trucks within a radius (10KM) of a specific point given. Based on our generated data, we can make real-time decisions to improve circulation and optimize traffic flow.

Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity.

At present, code reuse attacks, such as Return Oriented Programming (ROP), execute attacks through the code of the application itself, bypassing the traditional defense mechanism and seriously threatening the security of computer software. The existing two mainstream defense mechanisms, Address Space Layout Randomization (ASLR), are vulnerable to information disclosure attacks, and Control-Flow Integrity (CFI) will bring high overhead to programs. At the same time, due to the widespread use of software of unknown origin, there is no source code provided or available, so it is not always possible to secure the source code. In this paper, we propose FRCFI, an effective method based on binary rewriting to prevent code reuse attacks. FRCFI first disrupts the program's memory space layout through function shuffling and NOP insertion, then verifies the execution of the control-flow branch instruction ret and indirect call/jmp instructions to ensure that the target address is not modified by attackers. Experiment show shows that FRCFI can effectively defend against code reuse attacks. After randomization, the survival rate of gadgets is only 1.7%, and FRCFI adds on average 6.1% runtime overhead on SPEC CPU2006 benchmark programs.

From an information-theoretic standpoint, the intrusion detection process can be examined. Given the IDS output(alarm data), we should have less uncertainty regarding the input (event data). We propose the Capability of Intrusion Detection (CID) measure, which is simply the ratio of mutual information between IDS input and output, and the input of entropy. CID has the desirable properties of (1) naturally accounting for all important aspects of detection capability, such as true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate, (2) objectively providing an intrinsic measure of intrusion detection capability, and (3) being sensitive to IDS operation parameters. When finetuning an IDS, we believe that CID is the best performance metric to use. In terms of the IDS’ inherent ability to classify input data, the so obtained operation point is the best that it can achieve.

Artificial Intelligence (AI) technology is developing rapidly, permeating every aspect of human life. Although the integration between AI and communication contributes to the flourishing development of wireless communication, it induces severer security problems. As a supplement to the upper-layer cryptography protocol, physical layer security has become an intriguing technology to ensure the security of wireless communication systems. However, most of the current physical layer security research does not consider the intelligence and mobility of collusive eavesdroppers. In this paper, we consider a MIMO system model with a friendly intelligent jammer against multiple collusive intelligent eavesdroppers, and zero-sum game is exploited to formulate the confrontation of them. The Nash equilibrium is derived by convex optimization and alternative optimization in the free-space scenario of a single user system. We propose a zero-sum game deep learning algorithm (ZGDL) for general situations to solve non-convex game problems. In terms of the effectiveness, simulations are conducted to confirm that the proposed algorithm can obtain the Nash equilibrium.

This paper assesses the impact on the performance that information-theoretic physical layer security (IT-PLS) introduces when integrated into a 5G New Radio (NR) system. For this, we implement a wiretap code for IT-PLS based on a modular coding scheme that uses a universal-hash function in its security layer. The main advantage of this approach lies in its flexible integration into the lower layers of the 5G NR protocol stack without affecting the communication's reliability. Specifically, we use IT-PLS to secure the transmission of downlink control information by integrating an extra pre-coding security layer as part of the physical downlink control channel (PDCCH) procedures, thus not requiring any change of the 3GPP 38 series standard. We conduct experiments using a real-time open-source 5G NR standalone implementation and use software-defined radios for over-the-air transmissions in a controlled laboratory environment. The overhead added by IT-PLS is determined in terms of the latency introduced into the system, which is measured at the physical layer for an end-to-end (E2E) connection between the gNB and the user equipment.

Building occupancy data helps increase energy management systems’ performance, enabling lower energy use while preserving occupant comfort. The focus of this study is employing environmental data (e.g., including but not limited to temperature, humidity, carbon dioxide (CO2), etc.) to infer occupancy information. This will be achieved by exploring the application of information theory metrics with machine learning (ML) approaches to classify occupancy levels for a given dataset. Three datasets and six distinct ML algorithms were used in a comparative study to determine the best strategy for identifying occupancy patterns. It was determined that both k-nearest neighbors (kNN) and random forest (RF) identify occupancy labels with the highest overall level of accuracy, reaching 97.99% and 98.56%, respectively.

Insider threats have high risk and concealment characteristics, which makes traditional anomaly detection methods less effective in insider threat detection. Existing detection methods ignore the logical relationship between user behaviors and the consistency of behavior sequences among homogeneous users, resulting in poor model effects. We propose an insider threat detection method based on internal user heterogeneous graph embedding. Firstly, according to the characteristics of CERT data, comprehensively consider the relationship between users, the time sequence, and logical relationship, and construct a heterogeneous graph. In the second step, according to the characteristics of heterogeneous graphs, the embedding learning of graph nodes is carried out according to random walk and Word2vec. Finally, we propose an Insider Threat Detection Design (ITDD) model which can map and the user behavior sequence information into a high-dimensional feature space. In the CERT r5.2 dataset, compared with a variety of traditional machine learning methods, the effect of our method is significantly better than the final result.

The 6G wireless communication networks are being studied to build a powerful networking system with global coverage, enhanced spectral/energy/cost efficiency, better intelligent level and security. This paper presents a four-in-one networking paradigm named 3CL-Net that would broaden and strengthen the capabilities of current networking by introducing ubiquitous computing, caching, and intelligence over the communication connection to build 6G-required capabilities. To evaluate the practicability of 3CL-Net, this paper designs a platform based on the 3CL-Net architecture. The platform adopts leader-followers structure that could support all functions of 3CL-Net, but separate missions of 3CL-Net into two parts. Moreover, this paper has implemented part of functions as a prototype, on which some experiments are carried out. The results demonstrate that 3CL-Net is potential to be a practical and effective network paradigm to meet future requirements, meanwhile, 3CL-Net could motivate designs of related platforms as well.

The 5G research community is increasingly leveraging the innovative features offered by Information Centric Networking (ICN). However, ICN’s fundamental features, such as in-network caching, make access control enforcement more challenging in an ICN-based 5G deployment. To address this shortcoming, we propose a Blockchain-based Decentralized Authentication Protocol (BDAP) which enables efficient and secure mobile user authentication in an ICN-based 5G network. We show that BDAP is robust against a variety of attacks to which mobile networks and blockchains are particularly vulnerable. Moreover, a preliminary performance analysis suggests that BDAP can reduce the authentication delay compared to the standard 5G authentication protocols.

The Industrial Internet expands the attack surface of industrial control systems(ICS), bringing cybersecurity threats to industrial controllers located in operation technology(OT) networks. Honeypot technology is an important means to detect network attacks. However, the existing honeypot system cannot simulate business logic and is difficult to resist highly concealed APT attacks. This paper proposes a high-simulation ICS security defense framework based on virtualization technology. The framework utilizes virtualization technology to build twins for protected control systems. The architecture can infer the execution results of control instructions in advance based on actual production data, so as to discover hidden attack behaviors in time. This paper designs and implements a prototype system and demonstrates the effectiveness and potential of this architecture for ICS security.

With the increasing number of distributed energy sources and the growing demand for free exchange of energy, Energy internet (EI) is confronted with great challenges of persistent connection, stable transmission, real-time interaction, and security. The new definition of metaverse in the EI field is proposed as a potential solution for these challenges by establishing a massive and comprehensive fusion 3D network, which can be considered as the advanced stage of EI. The main characteristics of the metaverse such as reality to virtualization, interaction, persistence, and immersion are introduced. Specifically, we present the key enabling technologies of the metaverse including virtual reality, artificial intelligence, blockchain, and digital twin. Meanwhile, the potential applications are presented from the perspectives of immersive user experience, virtual power station, management, energy trading, new business, device maintenance. Finally, some challenges of metaverse in EI are concluded.

Metaverse opens up a new social networking paradigm where people can experience a real interactive feeling without physical space constraints. Social interactions are gradually evolving from text combined with pictures and videos to 3-dimensional virtual reality, making the social experience increasingly physical, implying that more metaverse applications with immersive experiences will be developed in the future. However, the increasing data dimensionality and volume for new metaverse applications present a significant challenge in data acquisition, security, and sharing. Furthermore, metaverse applications require high capacity and ultrareliability for the wireless system to guarantee the quality of user experience, which cannot be addressed in the current fifth-generation system. Therefore, reaching the metaverse is dependent on the revolution in the sixth-generation (6G) wireless communication, which is expected to provide low-latency, high-throughput, and secure services. This article provides a comprehensive view of metaverse applications and investigates the fundamental technologies for the 6G toward metaverse.

Memory corruption attacks have existed for multiple decades, and have become a major threat to computer systems. At the same time, a number of defense techniques have been proposed by research community. With the wide adoption of CPU-based memory safety solutions, sophisticated attackers tend to tamper with system memory via direct memory access (DMA) attackers, which leverage DMA-enabled I/O peripherals to fully compromise system memory. The Input-Output Memory Management Units (IOMMUs) based solutions are widely believed to mitigate DMA attacks. However, recent works point out that attackers can bypass IOMMU-based protections by manipulating the DMA interfaces, which are particularly vulnerable to race conditions and other unsafe interactions.State-of-the-art hardware-supported memory protections rely on metadata to perform security checks on memory access. Consequently, the additional memory request for metadata results in significant performance degradation, which limited their feasibility in real world deployments. For quantitative analysis, we separate the total metadata access latency into DRAM latency, on-chip latency, and cache latency, and observe that the actual DRAM access is less than half of the total latency. To minimize metadata access latency, we propose EMC, a low-overhead heap memory safety solution that implements a tripwire based mechanism on the memory controller. In addition, by using memory controller as a natural gateway of various memory access data paths, EMC could provide comprehensive memory safety enforcement to all memory data paths from/to system physical memory. Our evaluation shows an 0.54% performance overhead on average for SPEC 2017 workloads.

Remotely connected devices have been adopted in several industrial control systems (ICS) recently due to the advancement in the Industrial Internet of Things (IIoT). This led to new security vulnerabilities because of the expansion of the attack surface. Moreover, cybersecurity incidents in critical infrastructures are increasing. In the ICS, RS-485 cables are widely used in its network for serial communication between each component. However, almost 30 years ago, most of the industrial network protocols implemented over RS-485 such as Modbus were designed without security features. Therefore, anomaly detection is required in industrial control networks to secure communication in the systems. The goal of this paper is to study unsupervised anomaly detection in RS-485 traffic using autoencoders. Five threat scenarios in the physical layer of the industrial control network are proposed. The novelty of our method is that RS-485 traffic is collected indirectly by an analog-to-digital converter. In the experiments, multilayer perceptron (MLP), 1D convolutional, Long Short-Term Memory (LSTM) autoencoders are trained to detect anomalies. The results show that three autoencoders effectively detect anomalous traffic with F1-scores of 0.963, 0.949, and 0.928 respectively. Due to the indirect traffic collection, our method can be practically applied in the industrial control network.

In recent years, the design of anomaly detectors has attracted a tremendous surge of interest due to security issues in industrial control systems (ICS). Restricted by hardware resources, most anomaly detectors can only be deployed at the remote monitoring ends, far away from the control sites, which brings potential threats to anomaly detection. In this paper, we propose an active real-time anomaly detection framework deployed in the controller of OpenPLC, which is a standardized open-source PLC and has high scalability. Specifically, we add adaptive active noises to control signals, and then identify a linear dynamic system model of the plant offline and implement it in the controller. Finally, we design two filters to process the estimated residuals based on the obtained model and use χ2 detector for anomaly detection. Extensive experiments are conducted on an industrial control virtual platform to show the effectiveness of the proposed detection framework.