Biblio

In the era of big data, more and more users store data in the cloud. Massive amounts of data have brought huge storage costs to cloud storage providers, and data deduplication technology has emerged. In order to protect the confidentiality of user data, user data should be encrypted and stored in the cloud. Therefore, deduplication of encrypted data has become a research hotspot. Cloud storage provides users with data sharing services, and the sharing of encrypted data is another research hotspot. The combination of encrypted data deduplication and sharing will inevitably become a future trend. The current better-performing updateable block-level message-locked encryption (UMLE) deduplication scheme does not support data sharing, and the performance of the encrypted data de-duplication scheme that introduces data sharing is not as good as that of UMLE. This paper introduces the ciphertext policy attribute based encryption (CP-ABE) system sharing mechanism on the basis of UMLE, applies the CP-ABE method to encrypt the master key generated by UMLE, to achieve secure and efficient data deduplication and sharing. In this paper, we propose a permission verification method based on bilinear mapping, and according to the definition of the security model proposed in the security analysis phase, we prove this permission verification method, showing that our scheme is secure. The comparison of theoretical analysis and simulation experiment results shows that this scheme has more complete functions and better performance than existing schemes, and the proposed authorization verification method is also secure.

With the progress of science and technology and the development of Internet technology, Internet technology has penetrated into various industries in today’s society. But this explosive growth is also troubling information security. Among them, XSS (cross-site scripting vulnerability) is one of the most influential vulnerabilities in Internet applications in recent years. Traditional network security detection technology is becoming more and more weak in the new network environment, and deep learning methods such as CNN and RNN can only learn the spatial or timing characteristics of data samples in a single way. In this paper, a generalized self-regression pretraining model XLNet and GRU XSS attack detection method is proposed, the self-regression pretrained model XLNet is introduced and combined with GRU to learn the time series and spatial characteristics of the data, and the generalization capability of the model is improved by using dropout. Faced with the increasingly complex and ever-changing XSS payload, this paper refers to the character-level convolution to establish a dictionary to encode the data samples, thus preserving the characteristics of the original data and improving the overall efficiency, and then transforming it into a two-dimensional spatial matrix to meet XLNet’s input requirements. The experimental results on the Github data set show that the accuracy of this method is 99.92 percent, the false positive rate is 0.02 percent, the accuracy rate is 11.09 percent higher than that of the DNN method, the false positive rate is 3.95 percent lower, and other evaluation indicators are better than GRU, CNN and other comparative methods, which can improve the detection accuracy and system stability of the whole detection system. This multi-model fusion method can make full use of the advantages of each model to improve the accuracy of system detection, on the other hand, it can also enhance the stability of the system.

Most famous malware defense tools depend on a large number of detect rules, which are time consuming to develop and require lots of professional experience. Meanwhile, even commercial tools may show high false-negative for some new coming malware, whose patterns were not curved in the prepared rules. This paper proposed the Normalized CNN based Malicious binary Detection method on condition of String, Feature mining (NCMDSF) to address the above problems. Firstly, amount of string feature was extracted from thousands of windows binary applications. Secondly, a 3-layer normalized CNN model, with normalization layer other than down sampling layer, was fit to detect malware. Finally, the proposed method NCMDSF was evaluated to discover malware from more than 1,000 windows binary applications by K-fold cross validation. Experimental results showed that, NCMDSF was superior to some other learning-based methods, including classical CNN, LSTM, normalized LSTM, and won higher true positive rate on the condition of same false positive rate. Furthermore, it successfully avoids over-fitting that occurs in deep learning methods without using normalization.

This work establishes a game-theoretic framework to study cross-layer coordinated attacks on cyber-physical systems (CPSs). The attacker can interfere with the physical process and launch jamming attacks on the communication channels simultaneously. At the same time, the defender can dodge the jamming by dispensing with observations. The generic framework captures a wide variety of classic attack models on CPSs. Leveraging dynamic programming techniques, we fully characterize the Subgame Perfect Equilibrium (SPE) control strategies. We also derive the SPE observation and jamming strategies and provide efficient computational methods to compute them. The results demonstrate that the physical and cyber attacks are coordinated and depend on each other.On the one hand, the control strategies are linear in the state estimate, and the estimate error caused by jamming attacks will induce performance degradation. On the other hand, the interactions between the attacker and the defender in the physical layer significantly impact the observation and jamming strategies. Numerical examples illustrate the inter-actions between the defender and the attacker through their observation and jamming strategies.

With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.

Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse high-quality security concepts, which are treated as security entities. Meanwhile, security entities are documented with many potential relation types that profit for security analysis and comprehension across these three popular databases. To support reasoning security entity relationships, translation-based knowledge graph representation learning treats each triple independently for the entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address it, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, under the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state-of-the-art by Mean Reciprocal Rank (MRR) 0.132 for detecting the missing relationships.

Federated learning (FL) has nourished a promising scheme to solve the data silo, which enables multiple clients to construct a joint model without centralizing data. The critical concerns for flourishing FL applications are that build a security and privacy-preserving learning environment. It is thus highly necessary to comprehensively identify and classify potential threats to utilize FL under security guarantees. This paper starts from the perspective of launched attacks with different computing participants to construct the unique threats classification, highlighting the significant attacks, e.g., poisoning attacks, inference attacks, and generative adversarial networks (GAN) attacks. Our study shows that existing FL protocols do not always provide sufficient security, containing various attacks from both clients and servers. GAN attacks lead to larger significant threats among the kinds of threats given the invisible of the attack process. Moreover, we summarize a detailed review of several defense mechanisms and approaches to resist privacy risks and security breaches. Then advantages and weaknesses are generalized, respectively. Finally, we conclude the paper to prospect the challenges and some potential research directions.

With the widespread deployment of Internet of Things (IoT) devices, hackers can use IoT devices to launch large-scale distributed denial of service (DDoS) attacks, which bring great harm to the Internet. However, how to defend against these attacks remains to be an open challenge. In this paper, we propose a novel prevention method for IoT DDoS attacks based on blockchain and obfuscation of IP addresses. Our observation is that IoT devices are usually resource-constrained and cannot support complicated cryptographic algorithms such as RSA. Based on the observation, we employ a novel authentication then communication mechanism for IoT DDoS attack prevention. In this mechanism, the attack targets' IP addresses are encrypted by a random security parameter. Clients need to be authenticated to obtain the random security parameter and decrypt the IP addresses. In particular, we propose to authenticate clients with public-key cryptography and a blockchain system. The complex authentication and IP address decryption operations disable IoT devices and thus block IoT DDoS attacks. The effectiveness of the proposed method is analyzed and validated by theoretical analysis and simulation experiments.

With the emergence of computationally intensive and delay sensitive applications, mobile edge computing(MEC) has become more and more popular. Simultaneously, MEC paradigm is faced with security challenges, the most harmful of which is DDoS attack. In this paper, we focus on the resource orchestration algorithm in MEC scenario to mitigate DDoS attack. Most of existing works on resource orchestration algorithm barely take into account DDoS attack. Moreover, they assume that MEC nodes are unselfish, while in practice MEC nodes are selfish and try to maximize their individual utility only, as they usually belong to different network operators. To solve such problems, we propose a price-based resource orchestration algorithm(PROA) using game theory and convex optimization, which aims at mitigating DDoS attack while maximizing the utility of each participant. Pricing resources to simulate market mechanisms, which is national to make rational decisions for all participants. Finally, we conduct experiment using Matlab and show that the proposed PROA can effectively mitigate DDoS attack on the attacked MEC node.

With the vigorous development of the Internet and the widespread popularity of smart devices, the amount of data it generates has also increased exponentially, which has also promoted the generation and development of cloud computing and big data. Given cloud computing and big data technology, cloud storage has become a good solution for people to store and manage data at this stage. However, when cloud storage manages and regulates massive amounts of data, its security issues have become increasingly prominent. Aiming at a series of security problems caused by a malicious user's illegal operation of cloud storage and the loss of all data, this paper proposes a threshold signature scheme that is signed by a private key composed of multiple users. When this method performs key operations of cloud storage, multiple people are required to sign, which effectively prevents a small number of malicious users from violating data operations. At the same time, the threshold signature method in this paper uses a double update factor algorithm. Even if the attacker obtains the key information at this stage, he can not calculate the complete key information before and after the time period, thus having the two-way security and greatly improving the security of the data in the cloud storage.

Aiming at the working mechanism of optical backbone network, based on the theory of complex network, the invulnerability evaluation index of optical backbone network is extracted from the physical topology of optical backbone network and the degree of bandwidth satisfaction, finally, the invulnerability evaluation model of optical backbone network is established. At the same time, the evaluation model is verified and analyzed with specific cases, through the comparison of 4 types of attack, the results show that the number of deliberate point attacks ( DP) is 16.7% lower than that of random point attacks ( RP) when the critical collapse state of the network is reached, and the number of deliberate edge attacks ( DE) is at least 10.4% lower than that of random edge attacks ( RE). Therefore, evaluating the importance of nodes and edges and strengthening the protection of key nodes and edges can help optical network effectively resist external attacks and significantly improve the anti-damage ability of optical network, which provides theoretical support for the anti-damage evaluation of optical network and has certain practical significance for the upgrade and reconstruction of optical network.

Industrial Internet is widely used in the production field. As the openness of networks increases, industrial networks facing increasing security risks. Information and communication technologies are now available for most industrial manufacturing. This industry-oriented evolution has driven the emergence of cloud systems, the Internet of Things (IoT), Big Data, and Industry 4.0. However, new technologies are always accompanied by security vulnerabilities, which often expose unpredictable risks. Industrial safety has become one of the most essential and challenging requirements. In this article, we highlight the serious challenges facing Industry 4.0, introduce industrial security issues and present the current awareness of security within the industry. In this paper, we propose solutions for the anomaly detection and defense of the industrial Internet based on the demand characteristics of network security, the main types of intrusions and their vulnerability characteristics. The main work is as follows: This paper first analyzes the basic network security issues, including the network security needs, the security threats and the solutions. Secondly, the security requirements of the industrial Internet are analyzed with the characteristics of industrial sites. Then, the threats and attacks on the network are analyzed, i.e., system-related threats and process-related threats; finally, the current research status is introduced from the perspective of network protection, and the research angle of this paper, i.e., network anomaly detection and network defense, is proposed in conjunction with relevant standards. This paper proposes a software-defined network (SDN)-based industrial Internet security gateway for the security protection of the industrial Internet. Since there are some known types of attacks in the industrial network, in order to fully exploit the effective information, we combine the ExtratreesClassifier to enhance the detection rate of anomaly detection. In order to verify the effectiveness of the algorithm, this paper simulates an industrial network attack, using the acquired training data for testing. The test data are industrial network traffic datasets, and the experimental results show that the algorithm is suitable for anomaly detection in industrial networks.

With the popularity of cloud computing, cloud storage technology has also been widely used. Among them, data integrity verification is a hot research topic. At present, the realization of public auditing has become the development trend of integrity verification. Most existing public auditing schemes rarely consider some indispensable functions at the same time. Thus, in this paper, we propose a comprehensive public auditing scheme (PDBPA) that can simultaneously realize data block privacy protection, data dynamics, and multi- user batch auditing. Our PDBPA scheme is implemented in bilinear pairing. By adding random masking in the audit phase, with the help of the characteristics of homomorphic verifiable tags (HVTs), it can not only ensure that the TPA performs the audit work correctly, but also prevent it from exploring the user’s sensitive data. In addition, by utilizing the modified index hash table (MIHT), data dynamics can be effectively achieved. Furthermore, we provide a specific process for the TPA to perform batch audits for multiple users. Moreover, we formally prove the security of the scheme; while achieving the audit correctness, it can resist three types of attacks.

In order to solve the problem of difficult verification of query results in searchable encryption, we used the idea of Shamir-secret sharing, combined with game theory, to construct a randomly verifiable multi-cloud server searchable encryption scheme to achieve the correctness of the query results in the cloud storage environment verify. Firstly, we using the Shamir-secret sharing technology, the encrypted data is stored on each independent server to construct a multi-cloud server model to realize the secure distributed storage and efficient query of data. Secondly, combined with game theory, a game tree of query server and verification server is constructed to ensure honesty while being efficient, and solve the problem of difficulty in returning search results to verify under the multi-cloud server model. Finally, security analysis and experimental analysis show that this solution effectively protects data privacy while significantly reducing retrieval time.

With the rapid development of smart grid, the data generated by grid services are growing rapidly, and the requirements for time delay are becoming more and more stringent. The storage and computing capacity of the existing terminal equipment can not meet the needs of high bandwidth and low delay of the system at the same time. Fortunately, mobile edge computing (MEC) can provide users with nearby storage and computing services at the network edge, this can give an option to simultaneously meet the requirement of high bandwidth and low delay. Aiming at the problem of service offload scheduling in edge computing, this paper proposes a delay optimized task offload algorithm based on task priority classification. Firstly, the priority of power grid services is divided by using analytic hierarchy process (AHP), and the processing efficiency and quality of service of emergency tasks are guaranteed by giving higher weight coefficients to delay constraints and security levels. Secondly, the service is initialized and unloaded according to the task preprocessing time. Finally, the reasonable subchannel allocation is carried out based on the task priority design decision method. Simulation results show that compared with the traditional approaches, our algorithm can effectively improve the overall system revenue and reduce the average user task delay.

Mobile Social Networks have become one of the most convenient services for users to share information everywhere. This crowdsourced information is often meaningful and recommended to users, e.g., reviews on Yelp or high marks on Dianping, which poses the threat of Sybil attacks. To address the problem of Sybil attacks, previous solutions mostly use indirect/direct graph model or clickstream model to detect fake accounts. However, they are either dependent on strong connections or solely preserved by servers of social networks. In this paper, we propose a novel predictable approach by exploiting users' custom patterns to distinguish Sybil attackers from normal users for the application of recommendation in mobile social networks. First, we introduce the entropy of spatial-temporal features to profile the mobility traces of normal users, which is quite different from Sybil attackers. Second, we develop discriminative entropy-based features, i.e., users' preference features, to measure the uncertainty of users' behaviors. Third, we design a smart Sybil detection model based on a binary classification approach by combining our entropy-based features with traditional behavior-based features. Finally, we examine our model and carry out extensive experiments on a real-world dataset from Dianping. Our results have demonstrated that the model can significantly improve the detection accuracy of Sybil attacks.

This article considers the group consistency of second-order MAS with directly connected spanning tree communication topology. Because the MAS is divided into several groups, we proposed a group consistency control method based on intermittent control, and the range of parameters is given when the system achieves consensus. The protocol can realize periodic control and reduce the working hours of the controller in period. Furthermore, the group consistency of MAS is turn to the stability analysis of error, and a group consistency protocol of MAS with time-delays is designed. Finally, two examples are used for verify the theory.

In this paper, we mainly introduce the security protection technology of smart grid based on edge computing and propose an edge computing security protection architecture based on multi-service flexible mechanism. Aiming at the real time requirements of heterogeneous energy terminal access and power edge computing business in multiple interactive environment, a real-time and strong compatibility terminal security access mechanism integrating physical characteristics and lightweight cryptographic mechanism is proposed. According to different power terminal security data requirements, the edge computing data transmission, processing security and privacy protection technology are proposed. In addition, in the power system of distribution, microgrid and advanced metering system, the application of edge computing has been well reflected. Combined with encryption technology, access authentication, the security defense of edge data, edge equipment and edge application is carried out in many aspects, which strengthens the security and reliability of business penetration and information sharing at the edge of power grid, and realizes the end-to-end and end-to-system security prevention and control of power grid edge computing.

In contrast to traditional grids, smart grids can help utilities save energy, thereby reducing operating costs. In the smart grid, the quality of monitoring and control can be fully improved by combining computing and intelligent communication knowledge. However, this will expose the system to FDI attacks, and the system is vulnerable to intrusion. Therefore, it is very important to detect such erroneous data injection attacks and provide an algorithm to protect the system from such attacks. In this paper, a FDI detection method based on LSTM has been proposed, which is validated by the simulation on the ieee-14 bus platform.

The construction of a strong and smart grid is inseparable from the advancement of the power system, and the effective application of modern communication technologies allows the traditional grid to better transform into the energy Internet. With the advent of 5G, people pay close attention to the application of network slicing, not only as an emerging technology, but also as a new business model. In this article, we consider the delay requirements of certain services in the power grid. First, we analyze the security issues in network slicing and model the 5G core network slicing supply as a mixed integer linear programming problem. On this basis, a heuristic algorithm is proposed. According to the topological properties, resource utilization and delay of the slice nodes, the importance of them is sorted using the VIKOR method. In the slice link configuration stage, the shortest path algorithm is used to obtain the slice link physical path. Considering the delay of the slice link, a strategy for selecting the physical path is proposed. Simulations show that the scheme and algorithm proposed in this paper can achieve a high slice configuration success rate while ensuring the end-to-end delay requirements of the business, and meet the 5G core network slice security requirements.

In order to realize Intelligent Disaster Recovery and break the traditional reactive backup mode, it is necessary to forecast the potential system anomalies, and proactively backup the real-time datas and configurations. System logs record the running status as well as the critical events (including errors and warnings), which can help to detect system performance, debug system faults and analyze the causes of anomalies. What's more, with the features of real-time, hierarchies and easy-access, log data can be an ideal source for monitoring system status. To reduce the complexity and improve the robustness and practicability of existing log-based anomaly detection methods, we propose a new anomaly detection mechanism based on hierarchical weights, which can deal with unstable log data. We firstly extract semantic information of log strings, and get the word-level weights by SIF algorithm to embed log strings into vectors, which are then feed into attention-based Long Short-Term Memory(LSTM) deep learning network model. In addition to get sentence-level weight which can be used to explore the interdependence between different log sequences and improve the accuracy, we utilize attention weights to help with building workflow to diagnose the abnormal points in the execution of a specific task. Our experimental results show that the hierarchical weights mechanism can effectively improve accuracy of perdition task and reduce complexity of the model, which provides the feasibility foundation support for Intelligent Disaster Recovery.

Digital signature is more appropriate for message security in Wireless Sensors Networks (WSNs), which is energy-limited, than costly encryption. However, it meets with difficulty of verification when a large amount of message-signature pairs swarm into the central node in WSNs. In this paper, a scalable group testing algorithm based on Latin square (SGTLS) is proposed, which focus on both batch verification of signatures and invalid signature identification. To address the problem of long time-delay during individual verification, we adapt aggregate signature for batch verification so as to judge whether there are any invalid signatures among the collection of signatures once. In particular, when batch verification fails, an invalid signature identification algorithm is presented based on scalable OR-checking matrix of Latin square, which can adjust the number of group testing by itself with the variation of invalid signatures. Comprehensive analyses show that SGTLS has more advantages, such as scalability, suitability for parallel computing and flexible design (Latin square is popular), than other algorithm.

The problem of buffer overflow in the information system is not threatening, and the system's own defense mechanism can detect and terminate code injection attacks. However, as countermeasures compete with each other, advanced stack overflow attacks have emerged: Return Oriented-Programming (ROP) technology, which has become a hot spot in the field of system security research in recent years. First, this article explains the reason for the existence of this technology and the attack principle. Secondly, it systematically expounds the realization of the return-oriented programming technology at home and abroad in recent years from the common architecture platform, the research of attack load construction, and the research of variants based on ROP attacks. Finally, we summarize the paper.

In order to meet the requirements of secure start-up of embedded devices, this paper designs a secure and trusted circuit to realize the secure and trusted start-up of the system. This paper analyzes the principle and method of the circuit design, and verifies the preset information of the embedded device before the start of the embedded device, so as to ensure that the start process of the embedded device is carried out according to the predetermined way, and then uses the security module to measure the integrity of the data in the start process, so as to realize a trusted embedded system. The experimental results show that the security module has stronger security features and low latency. The integrity measurement is implemented in the trusted embedded system to realize the safe startup of embedded devices.

The Internet of Vehicles (IoV) can offer safe and comfortable driving experiences with the cooperation communications between central servers and cache-enabled road side units (RSUs) as edge severs, which also can provide high-speed, high-quality and high-stability communication access for vehicle users (VUs). However, due to the huge popular traffic volume, the burden of backhaul link will be seriously enlarged, which will greatly degrade the service experience of the IoV. In order to alleviate the backhaul load of IoV network, in this paper, we propose an asynchronous coded caching strategy composed of two phases, i.e., content placement and asynchronous coded transmission. The asynchronous request and request deadline are closely considered to design our asynchronous coded transmission algorithm. Also, we derive the close-form expression of average backhaul load under the nonuniform demands of IoV users. Finally, we formulate an optimization problem of minimizing average backhaul load and obtain the optimized content placement vector. Simulation results verify the feasibility of our proposed strategy under the asynchronous situation.