Biblio

Filters: Author is Wang, Fei
2021-05-25
Nazemi, Mostafa, Dehghanian, Payman, Alhazmi, Mohannad, Wang, Fei.  2020.  Multivariate Uncertainty Characterization for Resilience Planning in Electric Power Systems. 2020 IEEE/IAS 56th Industrial and Commercial Power Systems Technical Conference (I&CPS). :1–8.
Following substantial advancements in stochastic classes of decision-making optimization problems, scenario-based stochastic optimization, robust/distributionally robust optimization, and chance-constrained optimization have recently gained increasing attention. Despite the remarkable developments in probabilistic forecast of uncertainties (e.g., in renewable energies), most approaches are still being employed in a univariate framework which fails to unlock a full understanding on the underlying interdependence among uncertain variables of interest. In order to yield cost-optimal solutions with predefined probabilistic guarantees, conditional and dynamic interdependence in uncertainty forecasts should be accommodated in power systems decision-making. This becomes even more important during the emergencies where high-impact low-probability (HILP) disasters result in remarkable fluctuations in the uncertain variables. In order to model the interdependence correlation structure between different sources of uncertainty in power systems during both normal and emergency operating conditions, this paper aims to bridge the gap between the probabilistic forecasting methods and advanced optimization paradigms; in particular, prediction regions are generated in the form of ellipsoids with probabilistic guarantees. We employ a modified Khachiyan's algorithm to compute the minimum volume enclosing ellipsoids (MVEE). Application results based on two datasets on wind and photovoltaic power are used to verify the efficiency of the proposed framework.
2020-07-30
Liu, Junqiu, Wang, Fei, Zhao, Shuang, Wang, Xin, Chen, Shuhui.  2019.  iMonitor, An APP-Level Traffic Monitoring and Labeling System for iOS Devices. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :211–218.
In this paper, we propose the first traffic monitoring and labeling system for iOS devices, named iMonitor, which not just captures mobile network traffic in .pcap files, but also provides comprehensive APP-related and user-related information of captured packets. Through further analysis, one can obtain the exact APP or device where each packet comes from. The labeled traffic can be used in many research areas for mobile security, such as privacy leakage detection and user profiling. Given the implementation methodology of the NetworkExtension framework of iOS 9+, APP labels of iMonitor are reliable enough so that labeled traffic can be regarded as training data for any traffic classification methods. Evaluations on real iPhones demonstrate that iMonitor has no notable impact upon user experience even with slight packet latency. Also, the experiment result supports our motivation that mobile traffic monitoring for iOS is absolutely necessary, as traffic generated by different OSes like Android and iOS is different and irreplaceable in research.
2020-06-01
Xiao, Litian, Xiao, Nan, Li, Mengyuan, Liu, Zhanqing, Wang, Fei, Li, Yuliang, Hou, Kewen.  2019.  Intelligent Architecture and Hybrid Model of Ground and Launch System for Advanced Launch Site. 2019 IEEE Aerospace Conference. :1–12.
This paper proposes an intelligent functional architecture for an advanced launch site system that is composed of five parts: the intelligent technical area, the intelligent launching region, the intelligent flight and landing area, the intelligent command and control system, and the intelligent analysis assessment system. The five parts consist of the infrastructure, facilities, equipment, hardware and software and thus include the whole mission processes of ground and launch systems from flight articles' entry to launch. The architectural framework is designed for the intelligent elements of the parts. The framework is also defined as the interrelationship and the interface of the elements, including the launch vehicle and flight payloads. Based on the Internet of Things (IoT), the framework is integrated on four levels: the physical layer, the perception layer, the network layer, and the application layer. The physical layer includes the physical objects and actuators of the launch site. The perception layer consists of the sensors and data processing system. The network layer supplies the access gateways and backbone network. The application layer serves application systems through the middleware platform. The core of the intelligent system is the controller of the automatic control system crossing the four layers. This study builds the models of the IoT, cloud platform, middleware, integrated access gateway, and automatic control system for actual ground and launch systems. A formal approach describes and defines the architecture, models and autonomous control flows in the paper. The defined models describe the physical objects, intelligent elements, interface relations, status transformation functions, etc. The test operation and launch processes are connected with the intelligent system model. This study has been applied to an individual mission project and achieved good results. 
The architecture and the models of this study regulate the relationship between the elements of the intelligent system. The study lays a foundation for the architectural construction, the simulation and the verification of the intelligent systems at the launch site.
2019-09-26
Wang, Fei, Kwon, Yonghwi, Ma, Shiqing, Zhang, Xiangyu, Xu, Dongyan.  2018.  Lprov: Practical Library-Aware Provenance Tracing. Proceedings of the 34th Annual Computer Security Applications Conference. :605–617.

With the continuing evolution of sophisticated APT attacks, provenance tracking is becoming an important technique for efficient attack investigation in enterprise networks. Most existing provenance techniques operate on system event auditing that discloses dependence relationships by scrutinizing syscall traces. Unfortunately, such auditing-based provenance is not able to track the causality of another important dimension in provenance, the shared libraries. Different from other data-only system entities like files and sockets, dynamic libraries are linked at runtime and may get executed, which poses new challenges in provenance tracking. For example, library provenance cannot be tracked by syscalls and mapping; whether a library function is called and how it is called within an execution context is invisible at syscall level; linking a library does not promise its execution at runtime. Addressing these challenges is critical to tracking sophisticated attacks leveraging libraries. In this paper, to facilitate fine-grained investigation inside the execution of library binaries, we develop Lprov, a novel provenance tracking system which combines library tracing and syscall tracing. Upon a syscall, Lprov identifies the library calls together with the stack which induces it so that the library execution provenance can be accurately revealed. Our evaluation shows that Lprov can precisely identify attack provenance involving libraries, including malicious library attack and library vulnerability exploitation, which syscall-based provenance tools fail to identify. It only incurs 7.0% (in geometric mean) runtime overhead and consumes 3 times less storage space than a state-of-the-art provenance tool.

2017-12-20
Wang, Fei, Zhang, Xi.  2017.  Secure resource allocation for polarization-enabled green cooperative cognitive radio networks with untrusted secondary users. 2017 51st Annual Conference on Information Sciences and Systems (CISS). :1–6.
We address secure resource allocation for an OFDMA cooperative cognitive radio network (CRN) with energy harvesting (EH) capability. In the network, one primary user (PU) cooperates with several untrusted secondary users (SUs) with one SU transmitter and several SU receivers, where the SU transmitter and all SU receivers may overhear the PU transmitter's information while all SU receivers may eavesdrop on each other's signals. We consider the scenario when SUs are wireless devices with small physical sizes; therefore to improve system performance we suppose that SUs are equipped with co-located orthogonally dual-polarized antennas (ODPAs). With ODPAs, on one hand, the SU transmitter can first harvest energy from radio frequency (RF) signals emitted by the PU transmitter, and then utilize the harvested energy to simultaneously serve the PU and all SU receivers. On the other hand, by exploiting polarization-based signal processing techniques, both the PU's and SUs' physical-layer security can be enhanced. In particular, to ensure the PU's communication security, the PU receiver also sends jamming signals to degrade the reception performance of SUs, and meanwhile the jamming signals can also become new sources of energy powering the SU transmitter. For the considered scenario, we investigate the joint allocation of subcarriers, powers, and power splitting ratios to maximize the total secrecy rate of all SUs while ensuring the PU's minimum secrecy rate requirement. Finally, we evaluate the performance of our resource allocation scheme through numerical analyses.
2017-08-18
Pei, Kexin, Gu, Zhongshu, Saltaformaggio, Brendan, Ma, Shiqing, Wang, Fei, Zhang, Zhiwei, Si, Luo, Zhang, Xiangyu, Xu, Dongyan.  2016.  HERCULE: Attack Story Reconstruction via Community Discovery on Correlated Log Graph. Proceedings of the 32nd Annual Conference on Computer Security Applications. :583–595.

Advanced cyber attacks consist of multiple stages aimed at being stealthy and elusive. Such attack patterns leave their footprints spatio-temporally dispersed across many different logs in victim machines. However, existing log-mining intrusion analysis systems typically target only a single type of log to discover evidence of an attack and therefore fail to exploit fundamental inter-log connections. The output of such single-log analysis can hardly reveal the complete attack story for complex, multi-stage attacks. Additionally, some existing approaches require heavyweight system instrumentation, which makes them impractical to deploy in real production environments. To address these problems, we present HERCULE, an automated multi-stage log-based intrusion analysis system. Inspired by graph analytics research in social network analysis, we model multi-stage intrusion analysis as a community discovery problem. HERCULE builds multi-dimensional weighted graphs by correlating log entries across multiple lightweight logs that are readily available on commodity systems. From these, HERCULE discovers any "attack communities" embedded within the graphs. Our evaluation with 15 well known APT attack families demonstrates that HERCULE can reconstruct attack behaviors from a spectrum of cyber attacks that involve multiple stages with high accuracy and low false positive rates.