Biblio

Modern vehicles have multiple electronic control units (ECUs) that are connected together as part of a complex distributed cyber-physical system (CPS). The ever-increasing communication between ECUs and external electronic systems has made these vehicles particularly susceptible to a variety of cyber-attacks. In this work, we present a novel anomaly detection framework called TENET to detect anomalies induced by cyber-attacks on vehicles. TENET uses temporal convolutional neural networks with an integrated attention mechanism to learn the dependency between messages traversing the in-vehicle network. Post deployment in a vehicle, TENET employs a robust quantitative metric and classifier, together with the learned dependencies, to detect anomalous patterns. TENET is able to achieve an improvement of 32.70% in False Negative Rate, 19.14% in the Mathews Correlation Coefficient, and 17.25% in the ROC-AUC metric, with 94.62% fewer model parameters, and 48.14% lower inference time compared to the best performing prior works on automotive anomaly detection.

At the end of the IT Security degree program a simulation game is conducted to repeat and consolidate the core skills of a Bachelor’s graduate. The focus is not on teaching content, but on the application of already learned skills. The scenario shows the students the risks of a completely networked world, which has come to a complete standstill due to a catastrophe. The participants occupy in groups the predefined companies, which are assigned with the reconstruction of the communication infrastructure (the internet). This paper describes the preparation, technical and organizational implementation of the. Also, the most important conclusions drawn by the authors.

In recent years, research has focused on exploiting the inherent physical (PHY) characteristics of wireless channels to discriminate between different spatially separated network terminals, mitigating the significant costs of signature-based techniques. In this paper, the legitimacy of the corresponding terminal is firstly verified at the protocol stack’s upper layers, and then the re-authentication process is performed at the PHY-layer. In the latter, a unique PHY-layer signature is created for each transmission based on the spatially and temporally correlated channel attributes within the coherence time interval. As part of the verification process, the PHY-layer signature can be used as a message authentication code to prove the packet’s authenticity. Extensive simulation has shown the capability of the proposed scheme to support high detection probability at small signal-to-noise ratios. In addition, security evaluation is conducted against passive and active attacks. Computation and communication comparisons are performed to demonstrate that the proposed scheme provides superior performance compared to conventional cryptographic approaches.

Early detection of conflict potentials around the community is vital for the Central Java Regional Police Department, especially in the Analyst section of the Directorate of Security Intelligence. Performance in carrying out early detection will affect the peace and security of the community. The performance of potential conflict detection activities can be improved using an integrated early detection information system by shortening the time after observation, report preparation, information processing, and analysis. Developed using Unified Process as a software life cycle, the obtained result shows the time-based performance variables of the officers are significantly improved, including observation time, report production, data finding, and document formatting.

Inertial Confinement Fusion(ICF) uses the inertia of the substance itself to confine the nest-temperature thermonuclear fuel plasma to achieve thermonuclear fusion and obtain fusion energy. In the design of the local-volume ignition target capsule, the ignition zone and the main combustion zone are separated by heavy medium. The ignition zone is located in the center of the system (the part of the fusion combustion). The mass is small and can be compressed to high density and the overall temperature is raised to the ignition state (local-volume ignition). The temperature increase and density increase of the local volume ignition are relatively decoupled in time. The multi-step enhanced shock wave heats the fuel temperature drop, after which the collision effect accelerates the metal shell layer by layer, and uses the inertia of high-Z metal shell with a larger residual mass to achieve effective compression of the fuel areal after the driving source ends for a long time. Local volume ignition has the advantages of no need to reshape the radiation driving pulse, resistance to the influence of hot electrons, less demanding compression symmetry, and large combustion gain.

The MagNIF team at LLNL is developing a pulsed power platform to enable magnetized inertial confinement fusion and high energy density experiments at the National Ignition Facility. A pulsed solenoidal driver capable of premagnetizing fusion fuel to 40T is predicted to increase performance of indirect drive implosions. We have written a specialized Python code suite to support the delivery of a practical design optimized for target magnetization and risk mitigation. The code simulates pulsed power in parameterized system designs and converges to high-performance candidates compliant with evolving engineering constraints, such as scale, mass, diagnostic access, mechanical displacement, thermal energy deposition, facility standards, and component-specific failure modes. The physics resolution and associated computational costs of our code are intermediate between those of 0D circuit codes and 3D magnetohydrodynamic codes, to be predictive and support fast, parallel simulations in parameter space. Development of a reduced-order, physics-based target model is driven by high-resolution simulations in ALE3D (an institutional multiphysics code) and multi-diagnostic data from a commissioned pulser platform. Results indicate system performance is sensitive to transient target response, which should include magnetohydrodynamic expansion, resistive heating, nonlinear magnetic diffusion, and phase change. Design optimization results for a conceptual NIF platform are reported.

Modern connected vehicles are equipped with a large number of sensors, which enable a wide range of services that can improve overall traffic safety and efficiency. However, remote access to connected vehicles also introduces new security issues affecting both inter and intra-vehicle communications. In fact, existing intra-vehicle communication systems, such as Controller Area Network (CAN), lack security features, such as encryption and secure authentication for Electronic Control Units (ECUs). Instead, Original Equipment Manufacturers (OEMs) seek security through obscurity by keeping secret the proprietary format with which they encode the information. Recently, it has been shown that the reuse of CAN frame IDs can be exploited to perform CAN bus reverse engineering without physical access to the vehicle, thus raising further security concerns in a connected environment. This work investigates whether anonymizing the frames of each newly released vehicle is sufficient to prevent CAN bus reverse engineering based on frame ID matching. The results show that, by adopting Machine Learning techniques, anonymized CAN frames can still be fingerprinted and identified in an unknown vehicle with an accuracy of up to 80 %.

International regulations specified in WP.29 and international standards specified in ISO/SAE 21434 require security operations such as cyberattack detection and incident responses to protect vehicles from cyberattacks. To meet these requirements, many vehicle manufacturers are planning to install Intrusion Detection Systems (IDSs) in the Controller Area Network (CAN), which is a primary component of in-vehicle networks, in the coming years. Besides, many vehicle manufacturers and information security companies are developing technologies to identify attack paths related to IDS alerts to respond to cyberattacks appropriately and quickly. To develop the IDSs and the technologies to identify attack paths, it is essential to grasp normal communications performed on in-vehicle networks. Thus, our study aims to develop a technology that can easily grasp normal communications performed on in-vehicle networks. In this paper, we propose the first message source identification method that easily identifies CAN-IDs used by each Electronic Control Unit (ECU) connected to the CAN for message transmissions. We realize the proposed method by utilizing diagnostic communications and an IDS installed in the CAN (CAN-IDS). We evaluate the proposed method using an ECU installed in an actual vehicle and four kinds of simulated CAN-IDSs based on typical existing intrusion detection methods for the CAN. The evaluation results show that the proposed method can identify the CAN-ID used by the ECU for CAN message transmissions if a suitable simulated CAN-IDS for the proposed method is connected to the vehicle.

Over the past two decades, several forms of non-intrusive technology have been deployed in cooperation with medical specialists in order to aid patients diagnosed with some form of mental, cognitive or psychological condition. Along with the availability and accessibility to applications offered by mobile devices, as well as the advancements in the field of Artificial Intelligence applications and Natural Language Processing, Conversational Agents have been developed with the objective of aiding medical specialists detecting those conditions in their early stages and monitoring their symptoms and effects on the cognitive state of the patient, as well as supporting the patient in their effort of mitigating those symptoms. Coupled with the recent advances in the the scientific field of machine and deep learning, we aim to explore the grade of applicability of such technologies into cognitive health support Conversational Agents, and their impact on the acceptability of such applications bytheir end users. Therefore, we conduct a systematic literature review, following a transparent and thorough process in order to search and analyze the bibliography of the past five years, focused on the implementation of Conversational Agents, supported by Artificial Intelligence technologies and in service of patients diagnosed with Mild Cognitive Impairment and its variants.

Due to the migration megatrend, efficient and effective second-language acquisition is vital. One proposed solution involves AI-enabled conversational agents for person-centered interactive language practice. We present results from ongoing action research targeting quality assurance of proprietary generative dialog models trained for virtual job interviews. The action team elicited a set of 38 requirements for which we designed corresponding automated test cases for 15 of particular interest to the evolving solution. Our results show that six of the test case designs can detect meaningful differences between candidate models. While quality assurance of natural language processing applications is complex, we provide initial steps toward an automated framework for machine learning model selection in the context of an evolving conversational agent. Future work will focus on model selection in an MLOps setting.

Populations move across regions in search of better living possibilities, better life outcomes or going away from problems that affected their lives in the previous region they lived in. In the United States of America, this problem has been happening over decades. Intelligent Conversational Text-based Agents, also called Chatbots, and Artificial Intelligence are increasingly present in our lives and over recent years, their presence has increased considerably, due to the usability cases and the familiarity they are wining constantly. Using NLP algorithms for law in accessible platforms allows scaling of users to access a certain level of law expert who could assist users in need. This paper describes the motivation and circumstances of this problem as well as the description of the development of an Intelligent Conversational Agent system that was used by immigrants in the USA so they could get answers to questions and get suggestions about better legal options they could have access to. This system has helped thousands of people, especially in California

With the rapid development of artificial intelligence (AI), many companies are moving towards automating their services using automated conversational agents. Dialogue-based conversational recommender agents, in particular, have gained much attention recently. The successful development of such systems in the case of natural language input is conditioned by the ability to understand the users’ utterances. Predicting the users’ intents allows the system to adjust its dialogue strategy and gradually upgrade its preference profile. Nevertheless, little work has investigated this problem so far. This paper proposes an LSTM-based Neural Network model and compares its performance to seven baseline Machine Learning (ML) classifiers. Experiments on a new publicly available dataset revealed The superiority of the LSTM model with 95% Accuracy and 94% F1-score on the full dataset despite the relatively small dataset size (9300 messages and 17 intents) and label imbalance.

With the recent advancements in automated communication technology, many traditional businesses that rely on face-to-face communication have shifted to online portals. However, these online platforms often lack the personal touch essential for customer service. Research has shown that face-to- face communication is essential for building trust and empathy with customers. A multimodal embodied conversation agent (ECA) can fill this void in commercial applications. Such a platform provides tools to understand the user’s mental state by analyzing their verbal and non-verbal behaviour and allows a human-like avatar to take necessary action based on the context of the conversation and as per social norms. However, the literature to understand the impact of ECA agents on commercial applications is limited because of the issues related to platform and scalability. In our work, we discuss some existing work that tries to solve the issues related to scalability and infrastructure. We also provide an overview of the components required for developing ECAs and their deployment in various applications.

Electrical substations in power grid act as the critical interface points for the transmission and distribution networks. Over the years, digital technology has been integrated into the substations for remote control and automation. As a result, substations are more prone to cyber attacks and exposed to digital vulnerabilities. One of the notable cyber attack vectors is the malicious command injection, which can lead to shutting down of substations and subsequently power outages as demonstrated in Ukraine Power Plant Attack in 2015. Prevailing measures based on cyber rules (e.g., firewalls and intrusion detection systems) are often inadequate to detect advanced and stealthy attacks that use legitimate-looking measurements or control messages to cause physical damage. Additionally, defenses that use physics-based approaches (e.g., power flow simulation, state estimation, etc.) to detect malicious commands suffer from high latency. Machine learning serves as a potential solution in detecting command injection attacks with high accuracy and low latency. However, sufficient datasets are not readily available to train and evaluate the machine learning models. In this paper, focusing on this particular challenge, we discuss various approaches for the generation of synthetic data that can be used to train the machine learning models. Further, we evaluate the models trained with the synthetic data against attack datasets that simulates malicious commands injections with different levels of sophistication. Our findings show that synthetic data generated with some level of power grid domain knowledge helps train robust machine learning models against different types of attacks.

As more and more information systems rely sen-sors for their critical decisions, there is a growing threat of injecting false signals to sensors in the analog domain. In particular, LightCommands showed that MEMS microphones are susceptible to light, through the photoacoustic and photoelectric effects, enabling an attacker to silently inject voice commands to smart speakers. Understanding such unexpected transduction mechanisms is essential for designing secure and reliable MEMS sensors. Is there any other transduction mechanism enabling laser-induced attacks? We positively answer the question by experimentally evaluating two commercial piezoresistive MEMS pressure sensors. By shining a laser light at the piezoresistors through an air hole on the sensor package, the pressure reading changes by ±1000 hPa with 0.5 mW laser power. This phenomenon can be explained by the photoelectric effect at the piezoresistors, which increases the number of carriers and decreases the resistance. We finally show that an attacker can induce the target signal at the sensor reading by shining an amplitude-modulated laser light.

Cloud security has become a serious challenge due to increasing number of attacks day-by-day. Intrusion Detection System (IDS) requires an efficient security model for improving security in the cloud. This paper proposes a game theory based model, named as Game Theory Cloud Security Deep Neural Network (GT-CSDNN) for security in cloud. The proposed model works with the Deep Neural Network (DNN) for classification of attack and normal data. The performance of the proposed model is evaluated with CICIDS-2018 dataset. The dataset is normalized and optimal points about normal and attack data are evaluated based on the Improved Whale Algorithm (IWA). The simulation results show that the proposed model exhibits improved performance as compared with existing techniques in terms of accuracy, precision, F-score, area under the curve, False Positive Rate (FPR) and detection rate.

Mid-infrared spectroscopic imaging (MIRSI) is an emerging class of label-free, biochemically quantitative technologies targeting digital histopathology. Conventional histopathology relies on chemical stains that alter tissue color. This approach is qualitative, often making histopathologic examination subjective and difficult to quantify. MIRSI addresses these challenges through quantitative and repeatable imaging that leverages native molecular contrast. Fourier transform infrared (FTIR) imaging, the best-known MIRSI technology, has two challenges that have hindered its widespread adoption: data collection speed and spatial resolution. Recent technological breakthroughs, such as photothermal MIRSI, provide an order of magnitude improvement in spatial resolution. However, this comes at the cost of acquisition speed, which is impractical for clinical tissue samples. This paper introduces an adaptive compressive sampling technique to reduce hyperspectral data acquisition time by an order of magnitude by leveraging spectral and spatial sparsity. This method identifies the most informative spatial and spectral features, integrates a fast tensor completion algorithm to reconstruct megapixel-scale images, and demonstrates speed advantages over FTIR imaging while providing spatial resolutions comparable to new photothermal approaches.

Social Internet of Vehicle (SIoV) has emerged as one of the most promising applications for vehicle communication, which provides safe and comfortable driving experience. It reduces traffic jams and accidents, thereby saving public resources. However, the wrongly communicated messages would cause serious issues, including life threats. So it is essential to ensure the reliability of the message before acting on considering that. Existing works use cryptographic primitives like threshold authentication and ring signatures, which incurs huge computation and communication overheads, and the ring signature size grew linearly with the threshold value. Our objective is to keep the signature size constant regardless of the threshold value. This work proposes MuSigRDT, a multisignature contract based data transmission protocol using Schnorr digital signature. MuSigRDT provides incentives, to encourage the vehicles to share correct information in real-time and participate honestly in SIoV. MuSigRDT is shown to be secure under Universal Composability (UC) framework. The MuSigRDT contract is deployed on Ethereum's Rinkeby testnet.

Model checking is one of the most commonly used technique in formal verification. However, the exponential scale state space renders exhaustive state enumeration inefficient even for a moderate System on Chip (SoC) design. In this paper, we propose a method that leverages symbolic execution to accelerate state space search and pinpoint security vulnerabilities. We automatically convert the hardware design to functionally equivalent C++ code and utilize the KLEE symbolic execution engine to perform state exploration through heuristic search. To reduce the search space, we symbolically represent essential input signals while making non-critical inputs concrete. Experiment results have demonstrated that our method can precisely identify security vulnerabilities at significantly lower computation cost.

Neural program embeddings have demonstrated considerable promise in a range of program analysis tasks, including clone identification, program repair, code completion, and program synthesis. However, most existing methods generate neural program embeddings di-rectly from the program source codes, by learning from features such as tokens, abstract syntax trees, and control flow graphs. This paper takes a fresh look at how to improve program embed-dings by leveraging compiler intermediate representation (IR). We first demonstrate simple yet highly effective methods for enhancing embedding quality by training embedding models alongside source code and LLVM IR generated by default optimization levels (e.g., -02). We then introduce IRGEN, a framework based on genetic algorithms (GA), to identify (near-)optimal sequences of optimization flags that can significantly improve embedding quality. We use IRGEN to find optimal sequences of LLVM optimization flags by performing GA on source code datasets. We then extend a popular code embedding model, CodeCMR, by adding a new objective based on triplet loss to enable a joint learning over source code and LLVM IR. We benchmark the quality of embedding using a rep-resentative downstream application, code clone detection. When CodeCMR was trained with source code and LLVM IRs optimized by findings of IRGEN, the embedding quality was significantly im-proved, outperforming the state-of-the-art model, CodeBERT, which was trained only with source code. Our augmented CodeCMR also outperformed CodeCMR trained over source code and IR optimized with default optimization levels. We investigate the properties of optimization flags that increase embedding quality, demonstrate IRGEN's generalization in boosting other embedding models, and establish IRGEN's use in settings with extremely limited training data. Our research and findings demonstrate that a straightforward addition to modern neural code embedding models can provide a highly effective enhancement.

In this paper, physical-layer security (PLS) of an underlay cognitive radio network (CRN) operating over cascaded Rayleigh fading channels is examined. In this scenario, a secondary user (SU) transmitter communicates with a SU receiver through a cascaded Rayleigh fading channel while being exposed to eavesdroppers. By harvesting energy from the SU transmitter, a cooperating jammer attempts to ensure the privacy of the transmitted communications. That is, this harvested energy is utilized to generate and spread jamming signals to baffle the information interception at eavesdroppers. Additionally, two scenarios are examined depending on the manner in which eavesdroppers intercept messages; colluding and non-colluding eavesdroppers. These scenarios are compared to determine which poses the greatest risk to the network. Furthermore, the channel cascade effect on security is investigated. Distances between users and the density of non-colluding eavesdroppers are also investigated. Moreover, cooperative jamming-based energy harvesting effectiveness is demonstrated.

There has been a significant rise in the use of wireless sensor networks (WSNs) in the past few years. It is evident that WSNs operate in unlicensed spectrum bands [1]. But due to the increasing usage in unlicensed spectrum band this band is getting overcrowded. The recent development of cognitive radio technology [2, 3] has made possible the utilization of licensed spectrum band in an opportunistic manner. This paper studies an introduction to Cognitive Radio Technology, Cognitive Radio Wireless Sensor Networks, its Advantages & Challenges, Cognitive Radio Technology Applications and a comparative analysis of node clustering techniques in CWSN.

Structured Query Language Injection (SQLi) is a client-side application vulnerability that allows attackers to inject malicious SQL queries with harmful intents, including stealing sensitive information, bypassing authentication, and even executing illegal operations to cause more catastrophic damage to users on the web application. According to OWASP, the top 10 harmful attacks against web applications are SQL Injection attacks. Moreover, based on data reports from the UK's National Fraud Authority, SQL Injection is responsible for 97% of data exposures. Therefore, in order to prevent the SQL Injection attack, detection SQLi system is essential. The contribution of this research is securing web applications by developing a browser extension for Google Chrome using Long Short-Term Memory (LSTM), which is a unique kind of RNN algorithm capable of learning long-term dependencies like SQL Injection attacks. The results of the model will be deployed in static analysis in a browser extension, and the LSTM algorithm will learn to identify the URL that has to be injected into Damn Vulnerable Web Application (DVWA) as a sample-tested web application. Experimental results show that the proposed SQLi detection model based on the LSTM algorithm achieves an accuracy rate of 99.97%, which means that a reliable client-side can effectively detect whether the URL being accessed contains a SQLi attack or not.

The exponential rise of online services has heightened awareness of safeguarding the various applications that cooperate with and provide Internet users. Users must present their credentials, such as user name and secret code, to the servers to be authorized. This sensitive data should be secured from being exploited due to numerous security breaches, resulting in criminal activity. It is vital to secure systems against numerous risks. This article offers a novel approach to protecting against brute force attacks. A solution is presented where the user obtains the keypad on each occurrence. Following the establishment of the keypad, the webserver produces an encrypted password for the user's Computer/device authentication. The encrypted password will be used for authentication; users must type the amended one-time password (OTP) every time they access the website. This research protects passwords using reformation-based encryption and decryption and optimal honey encryption (OH-E) and decryption.

The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker’s actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.