Biblio

We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an “adversarial” coupon-collector mathematical model, the latter allowing larger-scale extrapolations.

Blockchain is the one of leading technology of this time; it has started to revolutionize several fields like, finance, business, industry, smart home, healthcare, social networks, Internet and the Internet of Things. It has many benefits like, decentralized network, robustness, availability, stability, anonymity, auditability and accountability. The applications of Blockchain are emerging, and it is found that most of the work is focused on its engineering implementation. While the theoretical part is very less considered and explored. In this paper we implemented the simulation of mining process in Blockchain based systems using queuing theory. We took the parameters of one of the mature Cryptocurrency, Bitcoin's real data and simulated using M/M/n/L queuing system in JSIMgraph. We have achieved realistic results; and expect that it will open up new research direction in theoretical research of Blockchain based systems.

This paper work is focused on Performance comparison of intrusion detection system between DBN Algorithm and SPELM Algorithm. Researchers have used this new algorithm SPELM to perform experiments in the area of face recognition, pedestrian detection, and for network intrusion detection in the area of cyber security. The scholar used the proposed State Preserving Extreme Learning Machine(SPELM) algorithm as machine learning classifier and compared it's performance with Deep Belief Network (DBN) algorithm using NSL KDD dataset. The NSL- KDD dataset has four lakhs of data record; out of which 40% of data were used for training purposes and 60% data used in testing purpose while calculating the performance of both the algorithms. The experiment as performed by the scholar compared the Accuracy, Precision, recall and Computational Time of existing DBN algorithm with proposed SPELM Algorithm. The findings have show better performance of SPELM; when compared its accuracy of 93.20% as against 52.8% of DBN algorithm;69.492 Precision of SPELM as against 66.836 DBN and 90.8 seconds of Computational time taken by SPELM as against 102 seconds DBN Algorithm.

The rapid development of the Cloud Computing Technologies (CCTs) has amended the conventional design of resource-constrained Network Control System (NCS) to the powerful and flexible design of Cloud-Based Networked Control System (CB-NCS) by relocating the processing part to the cloud server. This arrangement has produced many internets based exquisite applications. However, this new arrangement has also raised many network security challenges for the cloud-based control system related to cyber-physical part of the system. In the absence of robust verification methodology, an attacker can launch the modification attack in order to destabilize or take control of NCS. It is desirable that there shall be a solution authentication methodology used to verify whether the incoming solutions are coming from the cloud or not. This paper proposes a methodology used for the verification of the receiving solution to the local control system from the cloud using Karush-Kuhn-Tucker (KKT) conditions, which is then applied to actuator after verification and thus ensure the stability in case of modification attack.

Cloud-based cyber-physical systems, like vehicle and intelligent transportation systems, are now attracting much more attentions. These systems usually include large-scale distributed sensor networks covering various components and producing enormous measurement data. Lots of modeling languages are put to use for describing cyber-physical systems or its aspects, bringing contribution to the development of cyber-physical systems. But most of the modeling techniques only focuse on software aspect so that they could not exactly express the whole cloud-based cyber-physical systems, which require appropriate views and tools in its design; but those tools are hard to be used under systemic or object-oriented methods. For example, the widest used modeling language, UML, could not fulfil the above design's requirements by using the foremer's standard form. This paper presents a method designing the cloud-based cyber-physical systems with AADL, by which we can analyse, model and apply those requirements on cloud platforms ensuring QoS in a relatively highly extensible way at the mean time.

The aim of this paper is to explore the performance of two well-known wave energy converters (WECs) namely Floating Buoy Point Absorber (FBPA) and Oscillating Surge (OS) in onshore and offshore locations. To achieve clean energy targets by reducing greenhouse gas emissions, integration of renewable energy resources is continuously increasing all around the world. In addition to widespread renewable energy source such as wind and solar photovoltaic (PV), wave energy extracted from ocean is becoming more tangible day by day. In the literature, a number of WEC devices are reported. However, further investigations are still needed to better understand the behaviors of FBPA WEC and OS WEC under irregular wave conditions in onshore and offshore locations. Note that being surrounded by Bay of Bengal, Bangladesh has huge scope of utilizing wave power. To this end, FBPA WEC and OS WEC are simulated using the typical onshore and offshore wave height and wave period of the coastal area of Bangladesh. Afterwards, performances of the aforementioned two WECs are compared by analyzing their power output.

Privacy becomes one of the important issues in data-driven applications. The advent of non-PC devices such as Internet-of-Things (IoT) devices for data-driven applications leads to needs for light-weight data anonymization. In this paper, we develop an anonymization framework that expedites model learning in parallel and generates deployable models for devices with low computing capability. We evaluate our framework with various settings such as different data schema and characteristics. Our results exhibit that our framework learns anonymization models up to 16 times faster than a sequential anonymization approach and that it preserves enough information in anonymized data for data-driven applications.

Privacy becomes one of the important issues in data-driven applications. The advent of non-PC devices such as Internet-of-Things (IoT) devices for data-driven applications leads to needs for light-weight data anonymization. In this paper, we develop an anonymization framework that expedites model learning in parallel and generates deployable models for devices with low computing capability. We evaluate our framework with various settings such as different data schema and characteristics. Our results exhibit that our framework learns anonymization models up to 16 times faster than a sequential anonymization approach and that it preserves enough information in anonymized data for data-driven applications.

The increasing publication of large amounts of data, theoretically anonymous, can lead to a number of attacks on the privacy of people. The publication of sensitive data without exposing the data owners is generally not part of the software developers concerns. The regulations for the data privacy-preserving create an appropriate scenario to focus on privacy from the perspective of the use or data exploration that takes place in an organization. The increasing number of sanctions for privacy violations motivates the systematic comparison of three known machine learning algorithms in order to measure the usefulness of the data privacy preserving. The scope of the evaluation is extended by comparing them with a known privacy preservation metric. Different parameter scenarios and privacy levels are used. The use of publicly available implementations, the presentation of the methodology, explanation of the experiments and the analysis allow providing a framework of work on the problem of the preservation of privacy. Problems are shown in the measurement of the usefulness of the data and its relationship with the privacy preserving. The findings motivate the need to create optimized metrics on the privacy preferences of the owners of the data since the risks of predicting sensitive attributes by means of machine learning techniques are not usually eliminated. In addition, it is shown that there may be a hundred percent, but it cannot be measured. As well as ensuring adequate performance of machine learning models that are of interest to the organization that data publisher.

There are increasing threats for cyberspace. This paper tries to identify how extreme cybersecurity incidents occur based on the scenario of a targeted attack through emails. Knowledge on how extreme cybersecurity incidents occur helps in identifying the key points on how they can be prevented from occurring. The model based on system thinking approach to the understanding how communication influences entities and how tiny initiating events scale up into extreme events provides a condensed figure of the cyberspace and surrounding threats. By taking cyberspace layers and characteristics of cyberspace identified by this model into consideration, it predicts most suitable risk mitigations.

Wireless communication network (WCN) performance is primarily depends on physical layer security which is critical among all other layers of OSI network model. It is typically prone to anomaly/malicious user's attacks owing to openness of wireless channels. Cognitive radio networking (CRN) is a recently emerged wireless technology that is having numerous security challenges because of its unlicensed access of wireless channels. In CRNs, the security issues occur mainly during spectrum sensing and is more pronounced during distributed spectrum sensing. In recent past, various anomaly effects are modelled and developed detectors by applying advanced statistical techniques. Nevertheless, many of these detectors have been developed based on sensing data of one variable (energy measurement) and degrades their performance drastically when the data is contaminated with multiple anomaly nodes, that attack the network cooperatively. Hence, one has to develop an efficient multiple anomaly detection algorithm to eliminate all possible cooperative attacks. To achieve this, in this work, the impact of anomaly on detection probability is verified beforehand in developing an efficient algorithm using bivariate data to detect possible attacks with mahalanobis distance measure. Result discloses that detection error of cooperative attacks by anomaly has significant impact on eigenvalue-based sensing.

with the development of SDN, ICN and 5G networks, the research of future network becomes a hot topic. Based on the design idea of SDN network, this paper analyzes the propagation model and detection method of malicious code in future network. We select characteristics of SDN and analyze the features use different feature selection methods and sort the features. After comparison the influence of running time by different classification algorithm of different feature selection, we analyze the choice of reduction dimension m, and find out the different types of malicious code corresponding to the optimal feature subset and matching classification method, designed for malware detection system. We analyze the node migration rate of malware in mobile network and its effect on the outbreak of the time. In this way, it can provide reference for the management strategy of the switch node or the host node by future network controller.

Machine learning experts prefer to think of their input as a single, homogeneous, and consistent data set. However, when analyzing large volumes of data, the entire data set may not be manageable on a single server, but must be stored on a distributed file system instead. Moreover, with the pressing demand to deliver explainable models, the experts may no longer focus on the machine learning algorithms in isolation, but must take into account the distributed nature of the data stored, as well as the impact of any data pre-processing steps upstream in their data analysis pipeline. In this paper, we make the point that even basic transformations during data preparation can impact the model learned, and that this is exacerbated in a distributed setting. We then sketch our vision of end-to-end explainability of the model learned, taking the pre-processing into account. In particular, we point out the potentials of linking the contributions of research on data provenance with the efforts on explainability in machine learning. In doing so, we highlight pitfalls we may experience in a distributed system on the way to generating more holistic explanations for our machine learning models.

For complex technical objects the research of cybersecurity problems should take into account both physical and information properties of the object. The paper considers a hybrid model that unifies information and physical models and may be used as a tool for countering cyber threats and for cybersecurity risk assessment at the design and operational stage of an object's lifecycle.

Workflow engines used to script scientific experiments involving numerical simulation, data analysis, instruments, edge sensors, and artificial intelligence have to deal with the complexities of hardware, software, resource availability, and the collaborative nature of science. In this paper, we survey workflow engines used in data-intensive and compute-intensive discovery pipelines from scientific disciplines such as astronomy, high energy physics, earth system science, bio-medicine, and material science and present a qualitative analysis of their respective capabilities. We compare 5 popular workflow engines and their differentiated approach to job orchestration, job launching, data management and provenance, security authentication, ease-ofuse, workflow description, and scripting semantics. The comparisons presented in this paper allow practitioners to choose the appropriate engine for their scientific experiment and lead to recommendations for future work.

Self-timed circuits can be modeled in a link-joint style using a formally defined hardware description language. It has previously been shown how functional properties of these models can be formally verified with the ACL2 theorem prover using a scalable, hierarchical method. Here we extend that method to parameterized circuit families that may have loops and non-deterministic outputs. We illustrate this extension with iterative self-timed circuits that calculate the greatest common divisor of two natural numbers, with circuits that perform arbitrated merges non-deterministically, and with circuits that combine both of these.

Virtual Prototypes (VPs) at the Electronic System Level (ESL) written in SystemC language using its Transaction Level Modeling (TLM) framework are increasingly adopted by the semiconductor industry. The main reason is that VPs are much earlier available, and their simulation is orders of magnitude faster in comparison to the hardware models implemented at lower levels of abstraction (e.g. RTL). This leads designers to use VPs as reference models for an early design verification. Hence, the correctness assurance of these reference models (VPs) is critical as undetected faults may propagate to less abstract levels in the design process, increasing the fixing cost and effort. In this paper, we propose a novel simulation-based verification approach to automatically validate the simulation behavior of a given SystemC VP against both the TLM-2.0 rules and its specifications (i.e. functional and timing behavior of communications in the VP). The scalability and the efficiency of the proposed approach are demonstrated using an extensive set of experiments including a real-word VP.

Logic locking, and Integrated Circuit (IC) Camouflaging, are techniques that try to hide the design of an IC from a malicious foundry or end-user by introducing ambiguity into the netlist of the circuit. While over the past decade an array of such techniques have been proposed, their security has been constantly challenged by algorithmic attacks. This may in part be due to a lack of formally defined notions of security in the first place, and hence a lack of security guarantees based on long-standing hardness assumptions. In this paper we take a formal approach. We define the problem of circuit locking (cL) as transforming an original circuit to a locked one which is ``unintelligable'' without a secret key (this can model camouflaging and split-manufacturing in addition to logic locking). We define several notions of security for cL under different adversary models. Using long standing results from computational learning theory we show the impossibility of exponentially approximation-resilient locking in the presence of an oracle for large classes of Boolean circuits. We then show how exact-recovery-resiliency and a more relaxed notion of security that we coin ``best-possible'' approximation-resiliency can be provably guaranteed with polynomial overhead. Our theoretical analysis directly results in stronger attacks and defenses which we demonstrate through experimental results on benchmark circuits.

Cloud Management Platforms (CMP) have been developed in recent years to set up cloud computing architecture. Infrastructure-as-a-Service (IaaS) is a cloud-delivered model designed by the provider to gather a set of IT resources which are furnished as services for user Virtual Machine Image (VMI) provisioning and management. Openstack is one of the most useful CMP which has been developed for industry and academic researches to simulate IaaS classical processes such as launch and store user VMI instance. In this paper, the main purpose is to adopt a security policy for a secure launch user VMI across a trust cloud environment founded on a combination of enhanced TPM remote attestation and cryptographic techniques to ensure confidentiality and integrity of user VMI requirements.

In Cloud Computing Environment, using only static security measures didn't mitigate the attack considerably. Hence, deployment of sophisticated methods by the attackers to understand the network topology of complex network makes the task easier. For this reason, the use of dynamic security measure as virtual machine (VM) migration increases uncertainty to locate a virtual machine in a dynamic attack surface. Although this, not all VM's migration enhances security. Indeed, the destination server to host the VM should be selected precisely in order to avoid externality and attack at the same time. In this paper, we model migration in cloud environment by using continuous Markov Chain. Then, we analyze the probability of a VM to be compromised based on the destination server parameters. Finally, we provide some numerical results to show the effectiveness of our approach in term of avoiding intrusion.

Cooperative Intelligent Transport Systems (C-ITS) are expected to play an important role in our lives. They will improve the traffic safety and bring about a revolution on the driving experience. However, these benefits are counterbalanced by possible attacks that threaten not only the vehicle's security, but also passengers' lives. One of the most common attacks is the Sybil attack, which is even more dangerous than others because it could be the starting point of many other attacks in C-ITS. This paper proposes a distributed approach allowing the detection of Sybil attacks by using the traffic flow theory. The key idea here is that each vehicle will monitor its neighbourhood in order to detect an eventual Sybil attack. This is achieved by a comparison between the real accurate speed of the vehicle and the one estimated using the V2V communications with vehicles in the vicinity. The estimated speed is derived by using the traffic flow fundamental diagram of the road's portion where the vehicles are moving. This detection algorithm is validated through some extensive simulations conducted using the well-known NS3 network simulator with SUMO traffic simulator.

Automatic optimal response systems are essential for preserving power system resilience and ensuring faster recovery from emergency under cyber compromise. Numerous research works have developed such response engine for cyber and physical system recovery separately. In this paper, we propose a novel cyber-physical decision support system, SCORE, that computes optimal actions considering pure and hybrid cyber-physical states, using Markov Decision Process (MDP). Such an automatic decision making engine can assist power system operators and network administrators to make a faster response to prevent cascading failures and attack escalation respectively. The hybrid nature of the engine makes the reward and state transition model of the MDP unique. Value iteration and policy iteration techniques are used to compute the optimal actions. Tests are performed on three and five substation power systems to recover from attacks that compromise relays to cause transmission line overflow. The paper also analyses the impact of reward and state transition model on computation. Corresponding results verify the efficacy of the proposed engine.

Disaster is an unexpected event in a system lifetime, which can be made by nature or even human errors. Disaster recovery of information technology is an area of information security for protecting data against unsatisfactory events. It involves a set of procedures and tools for returning an organization to a state of normality after an occurrence of a disastrous event. So the organizations need to have a good plan in place for disaster recovery. There are many strategies for traditional disaster recovery and also for cloud-based disaster recovery. This paper focuses on using cloud-based disaster recovery strategies instead of the traditional techniques, since the cloud-based disaster recovery has proved its efficiency in providing the continuity of services faster and in less cost than the traditional ones. The paper introduces a proposed model for virtual private disaster recovery on cloud by using two metrics, which comprise a recovery time objective and a recovery point objective. The proposed model has been evaluated by experts in the field of information technology and the results show that the model has ensured the security and business continuity issues, as well as the faster recovery of a disaster that could face an organization. The paper also highlights the cloud computing services and illustrates the most benefits of cloud-based disaster recovery.

Model compression is considered to be an effective way to reduce the implementation cost of deep neural networks (DNNs) while maintaining the inference accuracy. Many recent studies have developed efficient model compression algorithms and implementations in accelerators on various devices. Protecting integrity of DNN inference against fault attacks is important for diverse deep learning enabled applications. However, there has been little research investigating the fault resilience of DNNs and the impact of model compression on fault tolerance. In this work, we consider faults on different data types and develop a simulation framework for understanding the fault resiliency of compressed DNN models as compared to uncompressed models. We perform our experiments on two common DNNs, LeNet-5 and VGG16, and evaluate their fault resiliency with different types of compression. The results show that binary quantization can effectively increase the fault resilience of DNN models by 10000x for both LeNet5 and VGG16. Finally, we propose software and hardware mitigation techniques to increase the fault resiliency of DNN models.

Emergence of Information and Communication Technology (ICT) has facilitated its users to access electronic services through open channel like Internet. This approach of digital communication has its specific security lapses, which should be addressed properly to ensure Privacy, Integrity, Non-repudiation and Authentication (PINA) of information. During message communication, intruders may mount infringement attempts to compromise the communication. The situation becomes critical, if an user is identified by multiple identification numbers, as in that case, intruder have a wide window open to use any of its identification number to fulfill its ill intentions. To resolve this issue, author have proposed a single window based cloud service delivery model, where a smart card serves as a single interface to access multifaceted electronic services like banking, healthcare, employment, etc. To detect and prevent unauthorized access, in this paper, authors have focused on the intrusion detection system of the cloud service model during cloud banking transaction.