Biblio

In smart girds, supervisory control and data acquisition (SCADA) systems have to protect data from advanced persistent threats (APTs), which exploit vulnerabilities of the power infrastructures to launch stealthy and targeted attacks. In this paper, we propose a reinforcement learning-based APT defense scheme for the control center to choose the detection interval and the number of Central Processing Units (CPUs) allocated to the data concentrators based on the data priority, the size of the collected meter data, the history detection delay, the previous number of allocated CPUs, and the size of the labeled compromised meter data without the knowledge of the attack interval and attack CPU allocation model. The proposed scheme combines deep learning and policy-gradient based actor-critic algorithm to accelerate the optimization speed at the control center, where an actor network uses the softmax distribution to choose the APT defense policy and the critic network updates the actor network weights to improve the computational performance. The advantage function is applied to reduce the variance of the policy gradient. Simulation results show that our proposed scheme has a performance gain over the benchmarks in terms of the detection delay, data protection level, and utility.

Smart grid achieves reliable, efficient and flexible grid data processing by integrating traditional power grid with information and communication technology. The control center can evaluate the supply and demand of the power grid through aggregated data of users, and then dynamically adjust the power supply, price of the power, etc. However, since the grid data collected from users may disclose the user's electricity using habits and daily activities, the privacy concern has become a critical issue. Most of the existing privacy-preserving data collection schemes for smart grid adopt homomorphic encryption or randomization techniques which are either impractical because of the high computation overhead or unrealistic for requiring the trusted third party. In this paper, we propose a privacy-preserving smart grid data aggregation scheme satisfying local differential privacy (LDP) based on randomized response. Our scheme can achieve efficient and practical estimation of the statistics of power supply and demand while preserving any individual participant's privacy. The performance analysis shows that our scheme is efficient in terms of computation and communication overhead.

An adversarial attack is an algorithm that perturbs the input of a machine learning model in an intelligent way in order to change the output of the model. An important property of adversarial attacks is transferability. According to this property, it is possible to generate adversarial perturbations on one model and apply it the input to fool the output of a different model. Our work focuses on studying the transferability of adversarial attacks in sound event classification. We are able to demonstrate differences in transferability properties from those observed in computer vision. We show that dataset normalization techniques such as z-score normalization does not affect the transferability of adversarial attacks and we show that techniques such as knowledge distillation do not increase the transferability of attacks.

In this paper, an E-band MIMO radar with 1 transmit and 4 receive channels is designed. The signal bandwidth is 2GHz at 77GHz, the max power of transmitted signal which is Frequency-modulated continuous-wave (FMCW) is 13dBm. This radar consists of two cascade parts: RF frond-end and digital signal process block. The RF front-end part includes antenna array, millimeter wave transceiver chips, and the digital signal process part includes FPGA, DSP and power supply circuits. It could be used in foreign object detection (FOD), landing assistance of helicopter and security checking.

Blockchain is a decentralized technology that provides untampered and anonymous security service to users. Without relying on trusted third party, it can establish the value transfer between nodes and reduce the transaction costs. Mature public key cryptosystem and signature scheme are important basis of blockchain security. Currently, most of the public key cryptosystems are based on classic difficult problems such as RSA and ECC. However, the above asymmetric cryptosystems are no longer secure with the development of quantum computing technology. To resist quantum attacks, researchers have proposed encryption schemes based on lattice recently. Although existing schemes have theoretical significance in blockchain, they are not suitable for the practical application due to the large size of key and signature. To tackle the above issues, this paper proposes an anti-quantum signature scheme over ideal lattice in blockchain. First, we transfer the signature scheme from the standard lattice to the ideal lattice, which reduces the size of public key. Afterwards, a novel signature scheme is proposed to reduce both the size of the private and public key significantly. Finally, we theoretically prove the security of our ideal lattice-based signature scheme with a reduction to the hardness assumption of Ideal Small Integer Sulotion problem which can resist quantum attacks. The efficiency analysis demonstrates that our signature scheme can be practically used in blockchain.

A recent research shows that 88 % of Android applications that use cryptographic APIs make at least one mistake. For this reason, several tools have been proposed to detect crypto API misuses, such as CryptoLint, CMA, and CogniCryptSAsT. However, these tools depend heavily on manually designed rules, which require much cryptographic knowledge and could be error-prone. In this paper, we propose an approach based on probabilistic models, namely, hidden Markov model and n-gram model, to analyzing crypto API usages in Android applications. The difficulty lies in that crypto APIs are sensitive to not only API orders, but also their arguments. To address this, we have created a dataset consisting of crypto API sequences with arguments, wherein symbolic execution is performed. Finally, we have also conducted some experiments on our models, which shows that ( i) our models are effective in capturing the usages, detecting and locating the misuses; (ii) our models perform better than the ones without symbolic execution, especially in misuse detection; and (iii) compared with CogniCryptSAsT, our models can detect several new misuses.

The whole Software-Defined Networking (SDN) system might be out of service when the control plane is overloaded by control plane saturation attacks. In this attack, a malicious host can manipulate massive table-miss packets to exhaust the control plane resources. Even though many studies have focused on this problem, systems still suffer from more influenced switches because of centralized mitigation policies, and long recovery delay because of the remaining attack flows. To solve these problems, we propose FSDM, a Fast recovery Saturation attack Detection and Mitigation framework. For detection, FSDM extracts the distribution of Control Channel Occupation Rate (CCOR) to detect the attack and locates the port that attackers come from. For mitigation, with the attacker's location and distributed Mitigation Agents, FSDM adopts different policies to migrate or block attack flows, which influences fewer switches and protects the control plane from resource exhaustion. Besides, to reduce the system recovery delay, FSDM equips a novel functional module called Force\_Checking, which enables the whole system to quickly clean up the remaining attack flows and recovery faster. Finally, we conducted extensive experiments, which show that, with the increasing of attack PPS (Packets Per Second), FSDM only suffers a minor recovery delay increase. Compared with traditional methods without cleaning up remaining flows, FSDM saves more than 81% of ping RTT under attack rate ranged from 1000 to 4000 PPS, and successfully reduced the delay of 87% of HTTP requests time under large attack rate ranged from 5000 to 30000 PPS.

The reform of electricity marketization has bred multiple market agents. In order to maximize the total social benefits on the premise of ensuring the security of the system and taking into account the interests of multiple market agents, a bi-level optimal allocation model of distribution network with multiple agents participating is proposed. The upper level model considers the economic benefits of energy and service providers, which are mainly distributed power investors, energy storage operators and distribution companies. The lower level model considers end-user side economy and actively responds to demand management to ensure the highest user satisfaction. The K-means multi scenario analysis method is used to describe the time series characteristics of wind power, photovoltaic power and load. The particle swarm optimization (PSO) algorithm is used to solve the bi-level model, and IEEE33 node system is used to verify that the model can effectively consider the interests of multiple agents while ensuring the security of the system.

Flow correlation can identify attackers who use anonymous networks or stepping stones. The current flow correlation scheme based on watermark can effectively trace the network traffic. But it is difficult to balance robustness and invisibility. This paper presents an innovative flow correlation scheme that guarantees invisibility. First, the scheme generates a two-dimensional feature matrix by segmenting the network flow. Then, features of frequency and time are extracted from the matrix and mapped into perceptual hash sequences. Finally, by comparing the hash sequence similarity to correlate the network flow, the scheme reduces the complexity of the correlation while ensuring the accuracy of the flow correlation. Experimental results show that our scheme is robust to jitter, packet insertion and loss.

The continuous change of communication frequency brings difficulties to the reconnaissance and prediction of non-cooperative communication. The core of this communication process is the frequency-hopping (FH) sequence with pseudo-random characteristics, which controls carrier frequency hopping. However, FH sequence is always generated by a certain model and is a kind of time sequence with certain regularity. Long Short-Term Memory (LSTM) neural network in deep learning has been proved to have strong ability to solve time series problems. Therefore, in this paper, we establish LSTM model to implement FH sequence prediction. The simulation results show that LSTM-based scheme can effectively predict frequency point by point based on historical HF frequency data. Further, we achieve frequency interval prediction based on frequency point prediction.

This paper uses side channel analysis to detect hardware Trojan based on back propagation neural network. First, a power consumption collection platform is built to collect power waveforms, and the amplifier is utilized to amplify power consumption information to improve the detection accuracy. Then the small difference between the power waveforms is recognized by the back propagation neural network to achieve the purpose of detection. This method is validated on Advanced Encryption Standard circuit. Results show this method is able to identify the circuits with a Trojan occupied 0.19% of Advanced Encryption Standard circuit. And the detection accuracy rate can reach 100%.

OAuth 2.0 is one of the most widely used Internet protocols for authorization/single sign-on (SSO) and is also the foundation of the new SSO protocol OpenID Connect. Due to its complexity and its flexibility, it is difficult to comprehensively analyze the security of the OAuth 2.0 standard, yet it is critical to obtain practical security guarantees for OAuth 2.0. In this paper, we present the first computationally sound security analysis of OAuth 2.0. First, we introduce a new primitive, the three-party authenticated secret distribution (3P-ASD for short) protocol, which plays the role of issuing the secret and captures the token issue process of OAuth 2.0. As far as we know, this is the first attempt to formally abstract the authorization technology into a general primitive and then define its security. Then, we present a sufficiently rich three-party security model for OAuth protocols, covering all kinds of authorization flows, providing reasonably strong security guarantees and moreover capturing various web features. To confirm the soundness of our model, we also identify the known attacks against OAuth 2.0 in the model. Furthermore, we prove that two main modes of OAuth 2.0 can achieve our desired security by abstracting the token issue process into a 3P-ASD protocol. Our analysis is not only modular which can reflect the compositional nature of OAuth 2.0, but also fine-grained which can evaluate how the intermediate parameters affect the final security of OAuth 2.0.

Cyber threat intelligence (CTI) is an effective approach to improving cyber security of businesses. CTI provides information of business contexts affected by cyber threats and the corresponding countermeasures. If businesses can identify relevant CTI, they can take defensive actions before the threats, described in the relevant CTI, take place. However, businesses still lack knowledge to help identify relevant CTI. Furthermore, information in real-world systems is usually vague, imprecise, inconsistent and incomplete. This paper defines a business object that is a business context surrounded by CTI. A business object models the connection knowledge for CTI onto the business. To assemble the business objects, this paper proposes a novel representation of business oriented CTI and a system used for constructing and extracting the business objects. Generalised grey numbers, fuzzy sets and rough sets are used for the representation, and set approximations are used for the extraction of the business objects. We develop a prototype of the system and use a case study to demonstrate how the system works. We then conclude the paper together with the future research directions.

Increased penetration of distributed energy resources (DERs) creates challenges in formulating the security constrained optimal power flow (SCOPF) problem as the number of models for these resources proliferate. Specifically, the number of devices with different mathematical models is large and their integration into the SCOPF becomes tedious. Henceforth, a process that seamlessly models and integrates such new devices into the SCOPF problem is needed. We propose an object-oriented modeling approach that leads to the autonomous formation of the SCOPF problem. All device models in the system are cast into a universal syntax. We have also introduced a quadratization method which makes the models consisting of linear and quadratic equations, if nonlinear. We refer to this model as the State and Control Quadratized Device Model (SCQDM). The SCQDM includes a number of equations and a number of inequalities expressing the operating limits of the device. The SCOPF problem is then formed in a seamless manner by operating only on the SCQDM device objects. The SCOPF problem, formed this way, is also quadratic (i.e. consists of linear and quadratic equations), and of the same form and syntax as the SCQDM for an individual device. For this reason, we named it security constrained quadratic optimal power flow (SCQOPF). We solve the SCQOPF problem using a sequential linear programming (SLP) algorithm and compare the results with those obtained from the commercial solver Knitro on the IEEE 57 bus system.

With the great development of the information communication technology, power systems have been typical Cyber Physical Systems (CPSs). Although the control function of the grid side is becoming more intelligent, Grid Cyber Physical System (GCPS) brings the risk of potential cyberattacks. In this paper, the impacts of cyber-attacks against GCPS are analyzed based on confusion matrix model firstly, then a double-layer cyber physical collaboration control strategy adjustment methods is proposed considering the status of cyber modules and physical devices infected by cyber-attacks. Finally, the feasibility and effectiveness of the proposed method are verified on the IEEE standard system.

As a new type of complex system, multi delay network in the field of information security undertakes the important responsibility of solving information congestion, balancing network bandwidth and traffic. The problems of data loss, program failure and a large number of system downtime still exist in the conventional multi delay system when dealing with the problem of information jam, which makes the corresponding reliability of the whole system greatly reduced. Based on this, this paper mainly studies and analyzes the stability system and reliability of the corresponding multi delay system in the information security perspective. In this paper, the stability and reliability analysis of multi delay systems based on linear matrix and specific function environment is innovatively proposed. Finally, the sufficient conditions of robust asymptotic stability of multi delay systems are obtained. At the same time, the relevant stability conditions and robust stability conditions of multi delay feedback switched systems are given by simulation. In the experimental part, the corresponding data and conclusions are simulated. The simulation results show that the reliability and stability analysis data of multi delay system proposed in this paper have certain experimental value.

With the application of virtualization and multi-core processor in embedded system, the computing capacity of embedded system has been improved comprehensively, but it is also faced with malicious attacks against virtualization technology. First, it was analyzed the security requirements of each layer of embedded virtualization computing platform. Aiming at the security requirements, it was proposed the security architecture of embedded virtualization computing platform based on trusted computing module. It was designed the hardware trusted root on the hardware layer, the virtualization trusted root on the virtual machine manager layer, trusted computing component and security function component on guest operation system layer. Based on the trusted roots, it was built the static extension of the trusted chain on the platform. This security architecture can improve the active security protection capability of embedded virtualization computing platform.

Most machine learning-based malware detection systems use various supervised learning methods to classify different instances of software as benign or malicious. This approach provides no information regarding the behavioral characteristics of malware. It also requires a large amount of training data and is prone to labeling difficulties and can reduce accuracy due to redundant training data. Therefore, we propose a malware detection method based on deep learning, which uses malware images and a set of autoencoders to detect malware. The method is to design an autoencoder to learn the functional characteristics of malware, and then to observe the reconstruction error of autoencoder to realize the classification and detection of malware and benign software. The proposed approach achieves 93% accuracy and comparatively better F1-score values while detecting malware and needs little training data when compared with traditional malware detection systems.

Cloud computing, a multipurpose and high-performance internet-based computing, can model and transform a large range of application requirements into a set of workflow tasks. It allows users to represent their computational needs conveniently for data retrieval, reformatting, and analysis. However, workflow applications are big data applications and often take long hours to finish executing due to their nature and data size. In this paper, we study the cost optimised scheduling algorithms in cloud and proposed a novel task splitting algorithm named Cost optimised Heuristic Algorithm (COHA) for the cloud scheduler to optimise the execution cost. In this algorithm, the large tasks are split into sub-tasks to reduce their execution time. The design purpose is to enable all tasks to adequately meet their deadlines. We have carefully tested the performance of the COHA with a list of workflow inputs. The simulation results have convincingly demonstrated that COHA can effectively perform VM allocation and deployment, and well handle randomly arrived tasks. It can efficiently reduce execution costs while also allowing all tasks to properly finish before their deadlines. Overall, the improvements in our algorithm have remarkably reduced the execution cost by 32.5% for Sipht, 3.9% for Montage, and 1.2% for CyberShake workflows when compared to the state of art work.

As it was difficult for the State Grid Corporation of China (SGCC) to manage a large amount of safety equipment efficiently, resulting in the frequent occurrence of safety accidents caused by the quality of equipment. Therefore, this paper presents a design of a self-powered wireless communication radio frequency identification tag system based on the Si24R1. The system uses blockchain technology to provide a full-length, chain-like path for RFID big data to achieve data security management. Using low-power Si24R1 chips to make tags can extend the use time of tags and achieve full life cycle management of equipment. In addition, a transmission scheme was designed to reduce the packet loss rate, in this paper. Finally, the result showed that the device terminal received and processed information from the six tags simultaneously. According to calculations, this electronic tag could be used for up to three years. This system can be widely used for safe operation management, which can effectively reduce the investment of manpower and material resources.

As RFID system has fewer calculation and storage resources for RF tag, it is difficult to adopt the traditional encryption algorithm technology with higher security, which leads to the system being vulnerable to counterfeiting, tampering, leakage and other problems. To this end, a lightweight bidirectional security authentication method based on the combined public key is proposed. The method deals with the key management problem of the power Internet of things (IoT) in the terminal layer device by studying the combined public key (CPK) technology. The elliptic curve cryptosystem in the CPK has the advantages of short key length, fast calculation speed and small occupied bandwidth, which is very suitable for the hardware environment of RFID system with limited performance. It also ensures the security of the keys used in the access of the IoT terminal equipment to the authentication, and achieves overall optimization of speed, energy consumption, processing capacity and security.

Recent advances in adversarial attacks uncover the intrinsic vulnerability of modern deep neural networks. Since then, extensive efforts have been devoted to enhancing the robustness of deep networks via specialized learning algorithms and loss functions. In this work, we take an architectural perspective and investigate the patterns of network architectures that are resilient to adversarial attacks. To obtain the large number of networks needed for this study, we adopt one-shot neural architecture search, training a large network for once and then finetuning the sub-networks sampled therefrom. The sampled architectures together with the accuracies they achieve provide a rich basis for our study. Our ''robust architecture Odyssey'' reveals several valuable observations: 1) densely connected patterns result in improved robustness; 2) under computational budget, adding convolution operations to direct connection edge is effective; 3) flow of solution procedure (FSP) matrix is a good indicator of network robustness. Based on these observations, we discover a family of robust architectures (RobNets). On various datasets, including CIFAR, SVHN, Tiny-ImageNet, and ImageNet, RobNets exhibit superior robustness performance to other widely used architectures. Notably, RobNets substantially improve the robust accuracy ( 5% absolute gains) under both white-box and black-box attacks, even with fewer parameter numbers. Code is available at https://github.com/gmh14/RobNets.

The rapid development of low-power integrated circuits, wireless communication, intelligent sensors and microelectronics has allowed the realization of wireless body area networks (WBANs), which can monitor patients' vital body parameters remotely in real time to offer timely treatment. These vital body parameters are related to patients' life and health; and these highly private data are subject to many security threats. To guarantee privacy, many secure communication protocols have been proposed. However, most of these protocols have a one-to-one structure in extra-body communication and cannot support multidisciplinary team (MDT). Hence, we propose a lightweight and certificateless multi-receiver secure data transmission protocol for WBANs to support MDT treatment in this paper. In particular, a novel multi-receiver certificateless generalized signcryption (MR-CLGSC) scheme is proposed that can adaptively use only one algorithm to implement one of three cryptographic primitives: signature, encryption or signcryption. Then, a multi-receiver secure data transmission protocol based on the MR-CLGSC scheme with many security properties, such as data integrity and confidentiality, non-repudiation, anonymity, forward and backward secrecy, unlinkability and data freshness, is designed. Both security analysis and performance analysis show that the proposed protocol for WBANs is secure, efficient and highly practical.

With a massive amount of wireless sensor nodes in Internet of Things (IoT), it is difficult to establish key distribution and management mechanism for traditional encryption technology. Alternatively, the physical layer key generation technology is promising to implement in IoT, since it is based on the principle of information-theoretical security and has the advantage of low complexity. Most existing key generation schemes assume that eavesdropping channels are independent of legitimate channels, which may not be practical especially when eavesdropper nodes are near to legitimate nodes. However, this paper investigates key generation problems for a multi-relay wireless network in IoT, where the correlation between eavesdropping and legitimate channels are considered. Key generation schemes are proposed for both non-colluding and partially colluding eavesdroppers situations. The main idea is to divide the key agreement process into three phases: 1) we first generate a secret key by exploiting the difference between the random channels associated with each relay node and the eavesdropping channels; 2) another key is generated by integrating the residual common randomness associated with each relay pair; 3) the two keys generated in the first two phases are concatenated into the final key. The secrecy key performance of the proposed key generation schemes is also derived with closed-forms.

In order to improve the reliability of power supply in adjacent hydropower stations, the auxiliary power systems of the two stations are connected through a contact transformer. The magnetizing inrush current generated by the connecting transformer of a hydropower station has the characteristics of high frequency, strong energy, and multi-coupling. The harm caused by the connecting transformer is huge. In order to prevent misoperation during the closing process of the connecting transformer, this article aims at the problem of setting the switching current of the connecting transformer of the two hydropower stations, and establishes the analysis model of the excitation inrush current with SimPowerSystem software, and carries out the quantitative simulation calculation of the excitation inrush current of the connecting transformer. A setting strategy for overcurrent protection of tie transformers to suppress the excitation inrush current is proposed. Under the conditions of changing switch closing time, generator load, auxiliary transformer load, tie transformer core remanence, the maximum amplitude of the excitation inrush current is comprehensively judged Value, and then achieve the suppression of the excitation inrush current, and accurately determine the protection setting of the switch.