Biblio

Malicious cybersecurity activities have become increasingly worrisome for individuals and companies alike. While machine learning methods like Graph Neural Networks (GNNs) have proven successful on the malware detection task, their output is often difficult to understand. Explainable malware detection methods are needed to automatically identify malicious programs and present results to malware analysts in a way that is human interpretable. In this survey, we outline a number of GNN explainability methods and compare their performance on a real-world malware detection dataset. Specifically, we formulated the detection problem as a graph classification problem on the malware Control Flow Graphs (CFGs). We find that gradient-based methods outperform perturbation-based methods in terms of computational expense and performance on explainer-specific metrics (e.g., Fidelity and Sparsity). Our results provide insights into designing new GNN-based models for cyber malware detection and attribution.

With the rapid growth of the number of global network entities and interconnections, the security risks of network relationships are constantly accumulating. As the basis of network interconnection and communication, Internet routing is facing severe challenges such as insufficient online monitoring capability of large-scale routing events and lack of effective and credible verification mechanism. Major global routing security events emerge one after another, causing extensive and far-reaching impacts. To solve these problems, China Telecom studied the BGP (border gateway protocol) SDN (software defined network) controller technology to monitor the interconnection routing, constructed the global routing information database trust source integrating multi-dimensional information and developed the function of the protocol level based real-time monitoring system of Internet routing security events. Through these means, it realizes the second-level online monitoring capability of large-scale IP network Internet service routing events, forms the minute-level route leakage interception and route hijacking blocking solutions, and achieves intelligent protection capability of Internet routing security.

The data of large-scale distributed demand-side iot devices are gradually migrated to the cloud. This cloud deployment mode makes it convenient for IoT devices to participate in the interaction between supply and demand, and at the same time exposes various vulnerabilities of IoT devices to the Internet, which can be easily accessed and manipulated by hackers to launch large-scale DDoS attacks. As an easy-to-understand supervised learning classification algorithm, KNN can obtain more accurate classification results without too many adjustment parameters, and has achieved many research achievements in the field of DDoS detection. However, in the face of high-dimensional data, this method has high operation cost, high cost and not practical. Aiming at this disadvantage, this chapter explores the potential of classical KNN algorithm in data storage structure, K-nearest neighbor search and hyperparameter optimization, and proposes an improved KNN algorithm for DDoS attack detection of demand-side IoT devices.

Using the methods of literature and interview, this paper analyzes the current situation of performance evaluation of volunteers in large-scale games based on mobile Internet, By analyzing the popularity of mobile Internet, the convenience of performance evaluation, the security and privacy of performance evaluation, this paper demonstrates the necessity of performance evaluation of volunteers in large-scale games based on mobile Internet, This paper puts forward the Countermeasures of performance evaluation of volunteers in large-scale games based on mobile Internet.

In the traditional Internet of Vehicles, communication data is easily tampered with and easily leaked. In order to improve the trust evaluation mechanism of the Internet of Vehicles and establish a trust relationship between vehicles, a blockchain-based Internet of Vehicles trust evaluation (BBTE) scheme is proposed. First, the scheme uses the roadside unit RSU to calculate the trust value of vehicle nodes and maintain the generation, verification and storage of blocks, so as to realize distributed data storage and ensure that data cannot be tampered with. Secondly, an efficient trust evaluation method is designed. The method integrates four trust decision factors: initial trust, historical experience trust, recommendation trust and RSU observation trust to obtain the overall trust value of vehicle nodes. In addition, in the process of constructing the recommendation trust method, the recommendation trust is divided into three categories according to the interaction between the recommended vehicle node and the communicator, use CRITIC to obtain the optimal weights of three recommended trusts, and use CRITIC to obtain the optimal weights of four trust decision-making factors to obtain the final trust value. Finally, the NS3 simulation platform is used to verify the security and accuracy of the trust evaluation method, and to improve the identification accuracy and detection rate of malicious vehicle nodes. The experimental analysis shows that the scheme can effectively deal with the gray hole attack, slander attack and collusion attack of other vehicle nodes, improve the security of vehicle node communication interaction, and provide technical support for the basic application of Internet of Vehicles security.

With the advent of the Internet era, all walks of life in our country have undergone earth-shaking changes, especially the drone and geographic information industries, which have developed rapidly under the impetus of the Internet of Things era. However, with the continuous development of science and technology, the network structure has become more and more complex, and the types of network attacks have varied. UAV information security and geographic information data have appeared security risks on the network. These hidden dangers have contributed to the progress of the drone and geographic information industry. And development has caused a great negative impact. In this regard, this article will conduct research on the network security of UAV systems and geographic information data, which can effectively assess the network security risks of UAV systems, and propose several solutions to potential safety hazards to reduce UAV networks. Security risks and losses provide a reference for UAV system data security.

With the development of urbanization, the number of vehicles is gradually increasing, and vehicles are gradually developing in the direction of intelligence. How to ensure that the data of intelligent vehicles is not tampered in the process of transmission to the cloud is the key problem of current research. Therefore, we have established a data security transmission system based on blockchain. First, we collect and filter vehicle data locally, and then use blockchain technology to transmit key data. Through the smart contract, the key data is automatically and accurately transmitted to the surrounding node vehicles, and the vehicles transmit data to each other to form a transaction and spread to the whole network. The node data is verified through the node data consensus protocol of intelligent vehicle data security transmission system, and written into the block to form a blockchain. Finally, the vehicle user can query the transaction record through the vehicle address. The results show that we can safely and accurately transmit and query vehicle data in the blockchain database.

Internet of Vehicles consists of a three-layer architecture of electric vehicles, charging piles, and a grid dispatch management control center. Therefore, V2G presents multi-level, multi-agent and frequent information interaction, which requires a highly secure and lightweight identity authentication method. Based on the characteristics of Internet of Vehicles, this paper designs a multi-subject information interaction and one-way hash chain authentication method, it includes one-way hash chain and key distribution update strategy. The operation experiment of multiple electric vehicles and charging piles shows that the algorithm proposed in this paper can meet the V2G ID authentication requirements of Internet of Vehicles, and has the advantages of lightweight and low consumption. It is of great significance to improve the security protection level of Internet of Vehicles V2G.

The scale of the intelligent networked vehicle market is expanding rapidly, and network security issues also follow. A Situational Awareness (SA) system can detect, identify, and respond to security risks from a global perspective. In view of the discrete and weak correlation characteristics of perceptual data, this paper uses the Fly Optimization Algorithm (FOA) based on dynamic adjustment of the optimization step size to improve the convergence speed, and optimizes the extraction model of security situation element of the Internet of Vehicles (IoV), based on Probabilistic Neural Network (PNN), to improve the accuracy of element extraction. Through the comparison of experimental algorithms, it is verified that the algorithm has fast convergence speed, high precision and good stability.

Intelligent Systems for Personal Data Cyber Security is a critical component of the Personal Information Management of Medicaid Enterprises. Intelligent Systems for Personal Data Cyber Security combines components of Cyber Security Systems with Human-Computer Interaction. It also uses the technology and principles applied to the Internet of Things. The use of software-hardware concepts and solutions presented in this report is, in the authors’ opinion, some step in the working-out of the Intelligent Systems for Personal Data Cyber Security in Medicaid Enterprises. These concepts may also be useful for developers of these types of systems.

In the field of airport passenger security, a new type of security inspection equipment called intelligent passenger security equipment is applied widely, which can significantly improve the efficiency of airport security screening and passenger satisfaction. This paper establishes a security check channel model based on intelligent passenger security check equipment, and studies the factors affecting the efficiency of airport security screening, such as the number of baggage unloading points, baggage loading points, secondary inspection points, etc. A simulation model of security check channel is established based on data from existing intelligent passenger security check equipment and data collected from Beijing Daxing Airport. Equipment utilization and queue length data is obtained by running the simulation model. According to the data, the bottleneck is that the manual inspection process takes too long, and the utilization rate of the baggage unloading point is too low. For the bottleneck link, an optimization scheme is proposed. With more manual check points and secondary inspection points and less baggage unloading points, the efficiency of airport security screening significantly increases by running simulation model. Based on the optimized model, the effect of baggage unloading point and baggage loading point on efficiency is further studied. The optimal parameter configuration scheme under the expected efficiency is obtained. This research can assist engineers to find appropriate equipment configuration quickly and instruct the airport to optimize the arrangement of security staff, which can effectively improve the efficiency of airport security screening and reduce the operating costs of airport.

The recent 5G networks aim to provide higher speed, lower latency, and greater capacity; therefore, compared to the previous mobile networks, more advanced and intelligent network security is essential for 5G networks. To detect unknown and evolving 5G network intrusions, this paper presents an artificial intelligence (AI)-based network threat detection system to perform data labeling, data filtering, data preprocessing, and data learning for 5G network flow and security event data. The performance evaluations are first conducted on two well-known datasets-NSL-KDD and CICIDS 2017; then, the practical testing of proposed system is performed in 5G industrial IoT environments. To demonstrate detection against network threats in real 5G environments, this study utilizes the 5G model factory, which is downscaled to a real smart factory that comprises a number of 5G industrial IoT-based devices.

The application of mobile intelligent terminal in the environment is very complex, and its own computing capacity is also very limited, so it is vulnerable to malicious attacks. The security classification of mobile intelligent terminals can effectively ensure the security of their use. Therefore, a security classification method for mobile intelligent terminals based on multi-source data fusion is proposed. The Boolean value is used to count the multi-source data of the mobile intelligent terminal, and the word frequency method is used to calculate the weight of the multi-source data of the mobile intelligent terminal. The D-S evidence theory is used to complete the multi-source data fusion of the mobile intelligent terminal and implement the multi-source data fusion processing of the mobile intelligent terminal. On this basis, the security level permission value of mobile intelligent terminal is calculated to achieve the security level division of mobile intelligent terminal based on multi-source data fusion. The experimental results show that the accuracy of mobile intelligent terminal security classification is higher than 96% and the classification time is less than 3.8 ms after the application of the proposed method. Therefore, the security level of mobile intelligent terminals after the application of this method is high, and the security performance of mobile intelligent terminals is strong, which can effectively improve the accuracy of security classification and shorten the time of security classification.

In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.

Artificial intelligence creation comes into fashion and has brought unprecedented challenges to intellectual property law. In order to study the viewpoints of AI creation copyright ownership from professionals in different institutions, taking the papers of AI creation on CNKI from 2016 to 2021, we applied orthogonal design and analysis of variance method to construct the dataset. A kernel-SVM classifier with different kernel methods in addition to some shallow machine learning classifiers are selected in analyzing and predicting the copyright ownership of AI creation. Support vector machine (svm) is widely used in statistics and the performance of SVM method is closely related to the choice of the kernel function. SVM with RBF kernel surpasses the other seven kernel-SVM classifiers and five shallow classifier, although the accuracy provided by all of them was not satisfactory. Various performance metrics such as accuracy, F1-score are used to evaluate the performance of KSVM and other classifiers. The purpose of this study is to explore the overall viewpoints of AI creation copyright ownership, investigate the influence of different features on the final copyright ownership and predict the most likely viewpoint in the future. And it will encourage investors, researchers and promote intellectual property protection in China.

The rapid improvement of computer and network technology not only promotes the improvement of productivity and facilitates people's life, but also brings new threats to production and life. Cyberspace security has attracted more and more attention. Different from traditional cyberspace security, APT attacks on key networks or infrastructure, with the main goal of stealing intellectual property, confidential information or sabotage, seriously threatening the interests and security of governments, enterprises and scientific research institutions. Timely detection and blocking is particularly important. The purpose of this paper is to study the security of software supply chain in power industry based on BAS technology. The experimental data shows that Type 1 projects account for the least amount and Type 2 projects account for the highest proportion. Type 1 projects have high unit price contracts and high profits, but the number is small and the time for signing orders is long.

Due to its decentralized trust mechanism, blockchain is increasingly used as a trust intermediary for multi-party cooperation to reduce the cost and risk of maintaining centralized trust nowadays. And as the requirements for privacy and high throughput, consortium blockchain is widely used in data sharing and business cooperation in practical application scenarios. Nowadays, the protection of traditional medicine has been regarded as human intangible cultural heritage in recent years, but this kind of protection still faces the problem that traditional medicine prescriptions are unsuitable for disclosure and difficult to protect. Hyperledger is a consortium blockchain featuring authorized access, high throughput, and tamper-resistance, making it ideal for privacy protection and information depository in traditional medicine protection. This study proposes a solution for intellectual property protection of traditional medicine by using a blockchain platform to record prescription iterations and clinical trial data. The privacy and confidentiality of Hyperledger can keep intellectual property information safe and private. In addition, the author proposes to invite the Patent Offices and legal institutions to join the blockchain network, maintain users' properties and issue certificates, which can provide a legal basis for rights protection when infringement occurs. Finally, the researchers have built a system corresponding to the scheme and tested the system. The test outcomes of the system can explain the usability of the system. And through the test of system throughput, under low system configuration, it can reach about 200 query operations per second, which can meet the application requirements of relevant organizations and governments.

[Purpose/meaning] In this paper, a unified scheme based on blockchain technology to realize the three modules of intellectual property confirmation, utilization, and protection of rights at the application layer is constructed, to solve the problem of unbalanced and inadequate resource distribution and development level in the field of industrial intellectual property. [Method/process] Based on the application of the core technology of blockchain in the field of intellectual property, this paper analyzes the pain points in the current field of intellectual property, and selects matching blockchain types according to the protection of intellectual property and the different decisions involved in the transaction process, to build a heterogeneous multi-chain model based on blockchain technology. [Conclusion] The heterogeneous multi-chain model based on Polkadot[1] network is proposed to realize the intellectual property protection scheme of a heterogeneous multi-chain model, to promote collaborative design and product development between regions, and to make up for the shortcomings of technical exchange, and weaken the phenomenon of "information island" in a certain extent. [Limitation/deficiency] The design of smart contracts in the field of intellectual property, the development of cross-chain protocols, and the formulation of national standards for blockchain technology still need to be developed and improved. At the same time, the intellectual property protection model designed in this paper needs to be verified in the application of practical cases.

Access control includes authorization of security administrators and access of users. Aiming at the problems of log information storage difficulty and easy tampering faced by auditing and traceability forensics of authorization and access in cross-domain scenarios, we propose an access control auditing and traceability forensics method based on Blockchain, whose core is Ethereum Blockchain and IPFS interstellar mail system, and its main function is to store access control log information and trace forensics. Due to the technical characteristics of blockchain, such as openness, transparency and collective maintenance, the log information metadata storage based on Blockchain meets the requirements of distribution and trustworthiness, and the exit of any node will not affect the operation of the whole system. At the same time, by storing log information in the blockchain structure and using mapping, it is easy to locate suspicious authorization or judgment that lead to permission leakage, so that security administrators can quickly grasp the causes of permission leakage. Using this distributed storage structure for security audit has stronger anti-attack and anti-risk.

With the inundation of more cost effective and improved flight performance Unmanned Aerial Vehicles (UAVs) into the consumer market, we have seen more uses of these for both leisure and business purposes. As such, demand for digital forensic examination on these devices has seen an increase as well. This research will explore and discuss the forensic examination process on one of the more popular brands of UAV in Singapore, namely DJI. The findings are from the examination of the exposed File Transfer Protocol (FTP) channel and the extraction of the Data-at-Rest on the memory chip of the drone. The extraction was done using the Chip-Off and Chip-On technique.

With large advancements in image display technology, recapturing high-quality images from high-fidelity LCD screens becomes much easier. Such recaptured images can be used to hide image tampering traces and fool some intelligent identification systems. In order to prevent such a security loophole, we propose a recaptured image detection approach based on generalized central difference convolution (GCDC) network. Specifically, by using GCDC instead of vanilla convolution, more detailed features can be extracted from both intensity and gradient information from an image. Meanwhile, we concatenate the feature maps from multiple GCDC modules to fuse low-, mid-, and high-level features for higher performance. Extensive experiments on three public recaptured image databases demonstrate the superior of our proposed method when compared with the state-of-the-art approaches.

There are a large number of illegal websites on the Internet, such as pornographic websites, gambling websites, online fraud websites, online pyramid selling websites, etc. This paper studies the use of crawler technology for digital forensics on illegal websites. First, a crawler based illegal website forensics program is designed and developed, which can detect the peripheral information of illegal websites, such as domain name, IP address, network topology, and crawl key information such as website text, pictures, and scripts. Then, through comprehensive analysis such as word cloud analysis, word frequency analysis and statistics on the obtained data, it can help judge whether a website is illegal.

With the advent of information and communication technology, the digital space is becoming a playing ground for criminal activities. Criminals typically prefer darkness or a hidden place to perform their illegal activities in a real-world while sometimes covering their face to avoid being exposed and getting caught. The same applies in a digital world where criminals prefer features which provide anonymity or hidden features to perform illegal activities. It is from this spirit the Darkweb is attracting all kinds of criminal activities conducted over the Internet such as selling drugs, illegal weapons, child pornography, assassination for hire, hackers for hire, and selling of malicious exploits, to mention a few. Although the anonymity offered by Darkweb can be exploited as a tool to arrest criminals involved in cybercrime, an in-depth research is needed to advance criminal investigation on Darkweb. Analysis of illegal activities conducted in Darkweb is in its infancy and faces several challenges like lack of standard operating procedures. This study proposes progressive standard operating procedures (SOPs) for Darkweb forensics investigation. We provide the four stages of SOP for Darkweb investigation. The proposed SOP consists of the following stages; identification and profiling, discovery, acquisition and preservation, and the last stage is analysis and reporting. In each stage, we consider the objectives, tools and expected results of that particular stage. Careful consideration of this SOP revealed promising results in the Darkweb investigation.

In Production System Engineering (PSE), domain experts from different disciplines reuse assets such as products, production processes, and resources. Therefore, PSE organizations aim at establishing reuse across engineering disciplines. However, the coordination of multi-disciplinary reuse tasks, e.g., the re-validation of related assets after changes, is hampered by the coarse-grained representation of tasks and by scattered, heterogeneous domain knowledge. This paper introduces the Multi-disciplinary Reuse Coordination (MRC) artifact to improve task management for multi-disciplinary reuse. For assets and their properties, the MRC artifact describes sub-tasks with progress and result states to provide references for detailed reuse task management across engineering disciplines. In a feasibility study on a typical robot cell in automotive manufacturing, we investigate the effectiveness of task management with the MRC artifact compared to traditional approaches. Results indicate that the MRC artifact is feasible and provides effective capabilities for coordinating multi-disciplinary re-validation after changes.

Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity.