Biblio

In order to solve the problem that the ordinary intrusion detection model cannot effectively identify the increasingly complex, continuous, multi-source and organized network attacks, this paper proposes an Internet of Things attack group identification model to identify the planned and organized attack groups. The model takes the common attack source IP, target IP, time stamp and target port as the characteristics of the attack log data to establish the identification benchmark of the attack gang behavior. The model also combines the spectral clustering algorithm to cluster different attackers with similar attack behaviors, and carries out the specific image analysis of the attack gang. In this paper, an experimental detection was carried out based on real IoT honey pot attack log data. The spectral clustering was compared with Kmeans, DBSCAN and other clustering algorithms. The experimental results shows that the contour coefficient of spectral clustering was significantly higher than that of other clustering algorithms. The recognition model based on spectral clustering proposed in this paper has a better effect, which can effectively identify the attack groups and mine the attack preferences of the groups.

We present an algorithm for generating perfect tabulation hashing functions by reduction to Boolean satisfaction (SAT). Tabulation hashing is a high-performance family of hash functions for hash tables that involves computing the XOR of random lookup tables. Given n keys of word size W, we show how to compute a perfect hash function in O(nW) worst-case time. This is competitive with other perfect hashing methods, and the resultant hash functions are simple and performant.

Internet of Battlefield Things (IoBTs) are well positioned to take advantage of recent technology trends that have led to the development of low-power neural accelerators and low-cost high-performance sensors. However, a key challenge that needs to be dealt with is that despite all the advancements, edge devices remain resource-constrained, thus prohibiting complex deep neural networks from deploying and deriving actionable insights from various sensors. Furthermore, deploying sophisticated sensors in a distributed manner to improve decision-making also poses an extra challenge of coordinating and exchanging data between the nodes and server. We propose an architecture that abstracts away these thorny deployment considerations from an end-user (such as a commander or warfighter). Our architecture can automatically compile and deploy the inference model into a set of distributed nodes and server while taking into consideration of the resource availability, variation, and uncertainties.

An experimental network environment plays an important role to examine new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.

The Internet-of-Things (IoT) paradigm at large continues to be compromised, hindering the privacy, dependability, security, and safety of our nations. While the operational security communities (i.e., CERTS, SOCs, CSIRT, etc.) continue to develop capabilities for monitoring cyberspace, tools which are IoT-centric remain at its infancy. To this end, we address this gap by innovating an actionable Cyber Threat Intelligence (CTI) feed related to Internet-scale infected IoT devices. The feed analyzes, in near real-time, 3.6TB of daily streaming passive measurements ( ≈ 1M pps) by applying a custom-developed learning methodology to distinguish between compromised IoT devices and non-IoT nodes, in addition to labeling the type and vendor. The feed is augmented with third party information to provide contextual information. We report on the operation, analysis, and shortcomings of the feed executed during an initial deployment period. We make the CTI feed available for ingestion through a public, authenticated API and a front-end platform.

Affected by the inherent ideas like "Focus on Function Realization, Despise Security Protection", there are lots of hidden threats in the industrial control system of wind farms (ICS-WF), such as unreasonable IP configuration, failure in virus detection and killing, which are prone to illegal invasion and attack from the cyberspace. Those unexpected unauthorized accesses are quite harmful for the stable operation of the wind farms and regional power grid. Therefore, by investigating the current security situation and needs of ICS-WF, analyzing the characteristics of ICS-WF’s architecture and internal communication, and integrating the ideas of the classified protection of cybersecurity, this paper proposes a new customized cybersecurity strategy for ICS-WF based on the barrel theory. We also introduce an new anomalous intrusion detection technology for ICS-WF, which is developed based on statistical models of wind farm network characteristics. Finally, combined all these work with the network security offense and defense drill in the industrial control safety simulation laboratory of wind farms, this research formulates a three-dimensional comprehensive protection solution for ICS-WF, which significantly improves the cybersecurity level of ICS-WF.

With the increasing number of electric vehicles, the scale of the market also increases. In the past, the electric vehicle market had problems such as opaque information, numerous levels and data leakage, which were criticized for the impact of the overall development and policies of the electric vehicle industry. In view of the problems existing in the transparency and security of big data management transactions of the Internet of vehicles, this paper combs the commercial operation framework of the Internet of Vehicles Platform, analyses the feasibility and necessity of establishing the token system of the Internet of Vehicles Platform, and constructs the token economic system architecture of the Internet of Vehicles Platform and its development path.

Intelligent networked vehicles are rapidly developing in intelligence and networking. The communication architecture is becoming more complex, external interfaces are richer, and data types are more complex. Different from the information security of the traditional Internet of Things, the scenarios that need to be met for the security of the Internet of Vehicles are more diverse and the security needs to be more stable. Based on the security technology of traditional Internet of Things, password application is the main protection method to ensure the privacy and non-repudiation of data communication. This article mainly elaborates the application of security protection methods using password-related protection technologies in car-side scenarios and summarizes the security protection recommendations of contemporary connected vehicles in combination with the secure communication architecture of the Internet of Vehicles.

Deep Neural Networks (DNN) has gained great success in solving several challenging problems in recent years. It is well known that training a DNN model from scratch requires a lot of data and computational resources. However, using a pre-trained model directly or using it to initialize weights cost less time and often gets better results. Therefore, well pre-trained DNN models are valuable intellectual property that we should protect. In this work, we propose DeepTrace, a framework for model owners to secretly fingerprinting the target DNN model using a special trigger set and verifying from outputs. An embedded fingerprint can be extracted to uniquely identify the information of model owner and authorized users. Our framework benefits from both white-box and black-box verification, which makes it useful whether we know the model details or not. We evaluate the performance of DeepTrace on two different datasets, with different DNN architectures. Our experiment shows that, with the advantages of combining white-box and black-box verification, our framework has very little effect on model accuracy, and is robust against different model modifications. It also consumes very little computing resources when extracting fingerprint.

In the crowdsourced testing system, due to the openness of crowdsourced testing platform and other factors, the security of crowdsourced testing intellectual property cannot be effectively protected. We proposed an attribute-based double encryption scheme, combined with the blockchain technology, to achieve the data access control method of the code to be tested. It can meet the privacy protection and traceability of specific intellectual property in the crowdsourced testing environment. Through the experimental verification, the access control method is feasible, and the performance test is good, which can meet the normal business requirements.

Insider threat makes enterprises or organizations suffer from the loss of property and the negative influence of reputation. User behavior analysis is the mainstream method of insider threat detection, but due to the lack of fine-grained detection and the inability to effectively capture the behavior patterns of individual users, the accuracy and precision of detection are insufficient. To solve this problem, this paper designs an insider threat detection method based on user historical behavior and attention mechanism, including using Long Short Term Memory (LSTM) to extract user behavior sequence information, using Attention-based on user history behavior (ABUHB) learns the differences between different user behaviors, uses Bidirectional-LSTM (Bi-LSTM) to learn the evolution of different user behavior patterns, and finally realizes fine-grained user abnormal behavior detection. To evaluate the effectiveness of this method, experiments are conducted on the CMU-CERT Insider Threat Dataset. The experimental results show that the effectiveness of this method is 3.1% to 6.3% higher than that of other comparative model methods, and it can detect insider threats in different user behaviors with fine granularity.

Currently, more and more malicious insiders are making threats, and the detection of insider threats is becoming more challenging. The malicious insider often uses legitimate access privileges and mimic normal behaviors to evade detection, which is difficult to be detected via using traditional defensive solutions. In this paper, we propose DeepMIT, a malicious insider threat detection framework, which utilizes Recurrent Neural Network (RNN) to model user behaviors as time sequences and predict the probabilities of anomalies. This framework allows DeepMIT to continue learning, and the detections are made in real time, that is, the anomaly alerts are output as rapidly as data input. Also, our framework conducts further insight of the anomaly scores and provides the contributions to the scores and, thus, significantly helps the operators to understand anomaly scores and take further steps quickly(e.g. Block insider's activity). In addition, DeepMIT utilizes user-attributes (e.g. the personality of the user, the role of the user) as categorical features to identify the user's truly typical behavior, which help detect malicious insiders who mimic normal behaviors. Extensive experimental evaluations over a public insider threat dataset CERT (version 6.2) have demonstrated that DeepMIT has outperformed other existing malicious insider threat solutions.

In recent years, insider threat incidents and losses of companies or organizations are on the rise, and internal network security is facing great challenges. Traditional intrusion detection methods cannot identify malicious behaviors of insiders. As an effective method, insider threat detection technology has been widely concerned and studied. In this paper, we use the tree structure method to analyze user behavior, form feature sequences, and combine the Copula Based Outlier Detection (COPOD) method to detect the difference between feature sequences and identify abnormal users. We experimented on the insider threat dataset CERT-IT and compared it with common methods such as Isolation Forest.

How to develop AI systems that can explain how they made decisions is one of the important and hot topics today. Inspired by the dual-process theory in psychology, this paper proposes a human-in-the-loop approach to develop System-2 AI that makes an inference logically and outputs interpretable explanation. Our proposed method first asks crowd workers to raise understandable features of objects of multiple classes and collect training data from the Internet to generate classifiers for the features. Logical decision rules with the set of generated classifiers can explain why each object is of a particular class. In our preliminary experiment, we applied our method to an image classification of Asian national flags and examined the effectiveness and issues of our method. In our future studies, we plan to combine the System-2 AI with System-1 AI (e.g., neural networks) to efficiently output decisions.

Distant supervision is a widely used data labeling method for relation extraction. While aligning knowledge base with the corpus, distant supervision leads to a mass of wrong labels which are defined as noise. The pattern-based denoising model has achieved great progress in selecting trustable sentences (instances). However, the writing of relation-specific patterns heavily relies on expert’s knowledge and is a high labor intensity work. To solve these problems, we propose a noise reduction framework, NOIR, to iteratively select trustable sentences with a little help of a human. Under the guidance of experts, the iterative process can avoid semantic drift. Besides, NOIR can help experts discover relation-specific tokens that are hard to think of. Experimental results on three real-world datasets show the effectiveness of the proposed method compared with state-of-the-art methods.

X-ray baggage security screening is a demanding task for aviation and rail transit security; automatic prohibited item detection in X-ray baggage images can help reduce the work of inspectors. However, as many items are placed too close to each other in the baggages, it is difficult to fully trust the detection results of intelligent prohibited item detection algorithms. In this paper, a human-in-the-loop baggage inspection framework is proposed. The proposed framework utilizes the deep-learning-based algorithm for prohibited item detection to find suspicious items in X-ray baggage images, and select manual examination when the detection algorithm cannot determine whether the baggage is dangerous or safe. The advantages of proposed inspection process include: online to capture new sample images for training incrementally prohibited item detection model, and augmented prohibited item detection intelligence with human-computer collaboration. The preliminary experimental results show, human-in-the-loop process by combining cognitive capabilities of human inspector with the intelligent algorithms capabilities, can greatly improve the efficiency of in-baggage security screening.

Discovering vulnerabilities is an information-intensive task that requires a developer to locate the defects in the code that have security implications. The task is difficult due to the growing code complexity and some developer's lack of security expertise. Although tools have been created to ease the difficulty, no single one is sufficient. In practice, developers often use a combination of tools to uncover vulnerabilities. Yet, the basis on which different tools are composed is under explored. In this paper, we examine the composition base by taking advantage of the tool design patterns informed by foraging theory. We follow a design science methodology and carry out a three-step empirical study: mapping 34 foraging-theoretic patterns in a specific vulnerability discovery tool, formulating hypotheses about the value and cost of foraging when considering two composition scenarios, and performing a human-subject study to test the hypotheses. Our work offers insights into guiding developers' tool usage in detecting software vulnerabilities.

The reuse of libraries in software development has become prevalent for improving development efficiency and software quality. However, security vulnerabilities of reused libraries propagated through software project dependency pose a severe security threat, but they have not yet been well studied. In this paper, we present the first large-scale empirical study of project dependencies with respect to security vulnerabilities. We developed PDGraph, an innovative approach for analyzing publicly known security vulnerabilities among numerous project dependencies, which provides a new perspective for assessing security risks in the wild. As a large-scale software collection in dependency, we find 337,415 projects and 1,385,338 dependency relations. In particular, PDGraph generates a project dependency graph, where each node is a project, and each edge indicates a dependency relationship. We conducted experiments to validate the efficacy of PDGraph and characterized its features for security analysis. We revealed that 1,014 projects have publicly disclosed vulnerabilities, and more than 67,806 projects are directly dependent on them. Among these, 42,441 projects still manifest 67,581 insecure dependency relationships, indicating that they are built on vulnerable versions of reused libraries even though their vulnerabilities are publicly known. During our eight-month observation period, only 1,266 insecure edges were fixed, and corresponding vulnerable libraries were updated to secure versions. Furthermore, we uncovered four underlying dependency risks that can significantly reduce the difficulty of compromising systems. We conducted a quantitative analysis of dependency risks on the PDGraph.

Both the Internet of Things (IoT) and Information Centric Networking (ICN) have gathered a lot of attention from both research and industry in recent years. While ICN has proved to be beneficial in many situations, it is not widely deployed outside research projects, also not addressing needs of IoT application programming interfaces (APIs). On the other hand, today's IoT solutions are built on top of the host-centric communication model associated with the usage of the Internet Protocol (IP). This paper contributes a discussion on the need of an integration of a specific form of IoT APIs, namely WebSocket based streaming APIs, into an ICN. Furthermore, different access models are discussed and requirements are derived from real world APIs. Finally, the design of an ICN-style extension is presented using one of the examined APIs.

The emerging time-sensitive applications, such as industrial automation, smart grids, and telesurgery, pose strong demands for enabling large-scale IP-based deterministic networks. The IETF DetNet working group recently proposes a Cycle Specified Queuing and Forwarding (CSQF) solution. However, CSQF only specifies an underlying device-level primitive while how to achieve network-wide flow scheduling remains undefined. Previous scheduling mechanisms are mostly oriented to the context of local area networks, making them inapplicable to the cyclic traffic in wide area networks. In this paper, we design the Cycle Tags Planning (CTP) mechanism, a first mathematical model to enable network-wide scheduling for cyclic traffic in large-scale deterministic networks. Then, a novel scheduling algorithm named flow offset and cycle shift (FO-CS) is designed to compute the flows' cycle tags. The FO-CS algorithm is evaluated under long-distance network topologies in remote industrial control scenarios. Compared with the Naive algorithm without using FO-CS, simulation results demonstrate that FO-CS improves the scheduling flow number by 31.2% in few seconds.

Construction of immersive architectural wisdom guiding environment based on virtual reality is studied in this paper. Emerging development of the computer smart systems have provided the engineers a novel solution for the platform construction. Network virtualization is currently the most unclear and controversial concept in the industry regarding the definition of virtualization subdivisions. To improve the current study, we use the VR system to implement the platform. The wisdom guiding environment is built through the virtual data modelling and the interactive connections. The platform is implemented through the software. The test on the data analysis accuracy and the interface optimization is conducted.

The project uses 3D immersive technology to innovatively apply virtual reality technology to the monitoring field, and proposes the concept and technical route of remote 3D immersive intelligent control. A design scheme of a three-dimensional immersive remote somatosensory intelligent controller is proposed, which is applied to the remote three-dimensional immersive control of a crawler mobile robot, and the test and analysis of the principle prototype are completed.

With the advancement of portable head-mounted displays, interest in educational application of immersive spherical video-based virtual reality (SVVR) has been emerging. However, it remains unclear regarding the effects of immersive SVVR on cognitive and affective outcomes. In this study, we retrieved 58 learning outcomes from 16 studies. A meta-analysis was performed using the random effects model to calculate the effect size. Several important moderators were also examined such as control group treatment, learning outcome type, interaction functionality, content instruction, learning domain, and learner's stage. The results show that immersive SVVR is more effective than other instructional conditions with a medium effect size. The key findings of the moderator analysis are that immersive SVVR has a greater impact on affective outcomes, as well as under the conditions that learning system provides interaction functionality or integrates with content instruction before virtual exploratory learning.

The interdisciplinary field of immersive learning research is scattered. Combining efforts for better exploration of this field from the different disciplines requires researchers to communicate and coordinate effectively. We call upon the community of immersive learning researchers for planting the Knowledge Tree of Immersive Learning Research, a proposal for a systematization effort for this field, combining both scholarly and practical knowledge, cultivating a robust and ever-growing knowledge base and methodological toolbox for immersive learning. This endeavor aims at promoting evidence-informed practice and guiding future research in the field. This paper contributes with the rationale for three objectives: 1) Developing common scientific terminology amidst the community of researchers; 2) Cultivating a common understanding of methodology, and 3) Advancing common use of theoretical approaches, frameworks, and models.

A new method for judging degree sequence is shown by means of perfect ice-flower systems made by operators - stars (particular complete bipartite graphs), and moreover this method can be used to build up degree sequences and perfect ice-flower systems. Graphic lattice, graph-graphic lattice, caterpillar-graphic lattice and topological coding lattice are defined. We establish some connections between traditional lattices and graphic lattices trying to provide new techniques for Lattice-based cryptosystem and post-quantum cryptography, and trying to enrich the theoretical knowledge of topological coding.