Biblio

Attribute reduction algorithms in rough set theory can be classified into two groups, i.e. heuristics algorithms and computational intelligence algorithms. The former has good search efficiency but it can not find the global optimal reduction. Conversely, the latter is possible to find global optimal reduction but usually suffers from premature convergence. To address this problem, this paper proposes a two-stage algorithm for finding high quality reduction. In first stage, a classical differential evolution algorithm is employed to rapidly approach the optimal solution. When the premature convergence is detected, a local search algorithm which is intuitively a forward-backward heuristics is launched to improve the quality of the reduction. Experiments were performed on six UCI data sets and the results show that the proposed algorithm can outperform the existing computational intelligence algorithms.

Though the deep penetration of cyber systems across the smart grid sub-domains enrich the operation of the wide-area protection, control, and smart grid applications, the stochastic nature of cyber-attacks by adversaries inflict their performance and the system operation. Various hardware-in-the-loop (HIL) cyber-physical system (CPS) testbeds have attempted to evaluate the cyberattack dynamics and power system perturbations for robust wide-area protection algorithms. However, physical resource constraints and modular integration designs have been significant barriers while modeling large-scale grid models (scalability) and have limited many of the CPS testbeds to either small-scale HIL environment or complete simulation environments. This paper proposes a meticulous design and efficient modeling of IEC-61850 logical nodes in physical relays to simulate large-scale grid models in a HIL real-time digital simulator environment integrated with industry-grade hardware and software systems for wide-area power system applications. The proposed meticulous design includes multi-breaker emulation in the physical relays, which extends the capacity of a physical relay to accommodate more number of CPS interfaces in the HIL CPS security testbed environment. We have used our existing HIL CPS security testbed to demonstrate scalability by the real-time performance of ten simultaneous IEEE-39 CPS grid models. The experiments demonstrated significant results by 100% real-time performance with zero overruns, and low latency while receiving and executing control signals from physical SEL relays via IEC-61850 and DNP-3 protocols to real-time digital simulator, substation remote terminal unit (RTU) software and supervisory control and data acquisition (SCADA) software at control center.

Space-air-ground integrated network (SAGIN) is emerged as a versatile computing and traffic architecture in recent years. Though SAGIN brings many significant benefits for modern communication and computing services, there are many unprecedented challenges in SAGIN. The one critical challenge in SAGIN is the data security. In SAGIN, because the data will be stored in cleartext on cloud, the sensitive data may suffer from the illegal access by the unauthorized users even the untrusted cloud servers (CSs). Ciphertext-policy attribute-based encryption (CP-ABE), which is a type of attribute-based encryption (ABE), has been regarded as a promising solution to the critical challenge of the data security on cloud. But there are two main blemishes in traditional CP-ABE. The first one is that there is only one attribute authority (AA) in CP-ABE. If the single AA crashs down, the whole system will be shut down. The second one is that the AA cannot effectively manage the life cycle of the users’ private keys. If a user on longer has one attribute, the AA cannot revoke the user’s private key of this attribute. This means the user can still decrypt some ciphertexts using this invalid attribute. In this paper, to solve the two flaws mentioned above, we propose a multi-authority CP-ABE (MA-CP-ABE) scheme with the dynamical key revocation (DKR). Our key revocation supports both user revocation and attribute revocation. And the our revocation is time friendly. What’s more, by using our dynamically tag-based revocation algorithm, AAs can dynamically and directly re-enable or revoke the invalid attributes to users. Finally, by evaluating and implementing our scheme, we can observe that our scheme is more comprehensive and practical for cloud applications in SAGIN.

In the existing scheduling algorithms of mimicry structure, the random algorithm cannot solve the problem of large vulnerability window in the process of random scheduling. Based on known vulnerabilities, the algorithm with diversity and complexity as scheduling indicators can not only fail to meet the characteristic requirements of mimic's endogenous security for defense, but also cannot analyze the unknown vulnerabilities and measure the continuous differences in time of mimic Executive Entity. In this paper, from the Angle of attack surface is put forward based on mimicry attack the mimic Executive Entity scheduling algorithm, its resources to measure analysis method and mimic security has intrinsic consistency, avoids the random algorithm to vulnerability and modeling using known vulnerabilities targeted, on time at the same time can ensure the diversity of the Executive body, to mimic the attack surface web server scheduling system in continuous time is less, and able to form a continuous differences. Experiments show that the minimum symbiotic resource scheduling algorithm based on time continuity is more secure than the random scheduling algorithm.

This work considers the trade-off between security and performance when revealing partial information about encrypted data computed on. The focus of our work is on information revealed through control flow side-channels when executing programs on encrypted data. We use quantitative information flow to measure security, running time to measure performance and program transformation techniques to alter the trade-off between the two. Combined with information flow policies, we perform a policy-aware security and performance trade-off (PASAPTO) analysis. We formalize the problem of PASAPTO analysis as an optimization problem, prove the NP-hardness of the corresponding decision problem and present two algorithms solving it heuristically. We implemented our algorithms and combined them with the Dataflow Authentication (DFAuth) approach for outsourcing sensitive computations. Our DFAuth Trade-off Analyzer (DFATA) takes Java Bytecode operating on plaintext data and an associated information flow policy as input. It outputs semantically equivalent program variants operating on encrypted data which are policy-compliant and approximately Pareto-optimal with respect to leakage and performance. We evaluated DFATA in a commercial cloud environment using Java programs, e.g., a decision tree program performing machine learning on medical data. The decision tree variant with the worst performance is 357% slower than the fastest variant. Leakage varies between 0% and 17% of the input.

Packet classification is used to determine the behavior of incoming packets to network devices. Because it is achieved using a linear search on a classification rule list, a larger number of rules leads to a longer communication latency. To decrease this latency, the problem is generalized as Optimal Rule Ordering (ORO), which aims to identify the order of rules that minimizes the classification latency caused by packet classification while preserving the classification policy. Because ORO is known to be NP-complete by Hamed and Al-Shaer [Dynamic rule-ordering optimization for high-speed firewall filtering, ASIACCS (2006) 332-342], various heuristics for ORO have been proposed. Sub-graph merging (SGM) by Tapdiya and Fulp [Towards optimal firewall rule ordering utilizing directed acyclical graphs, ICCCN (2009) 1-6] is the state of the art heuristic algorithm for ORO. In this paper, we propose a novel heuristic method for ORO. Although most heuristics try to recursively determine the maximum-weight rule and move it as far as possible to an upper position, our algorithm pairs rules that cause policy violations until there are no such rules to simply sort the rules by these weights. Our algorithm markedly decreases the classification latency and reordering time compared with SGM in experiments. The sets consisting of thousands of rules that require one or more hours for reordering by SGM can be reordered by the proposed method within one minute.

Cyber-physical systems (CPS) depend on cybersecurity to ensure functionality, data quality, cyberattack resilience, etc. There are known and unknown cyber threats and attacks that pose significant risks. Information assurance and information security are critical. Many systems are vulnerable to intelligence exploitation and cyberattacks. By investigating cybersecurity risks and formal representation of CPS using spatiotemporal dynamic graphs and networks, this paper investigates topics and solutions aimed to examine and empower: (1) Cybersecurity capabilities; (2) Information assurance and system vulnerabilities; (3) Detection of cyber threat and attacks; (4) Situational awareness; etc. We introduce statistically-characterized dynamic graphs, novel entropy-centric algorithms and calculi which promise to ensure near-real-time capabilities.

Motions of facial components convey significant information of facial expressions. Although remarkable advancement has been made, the dynamic of facial topology has not been fully exploited. In this paper, a novel facial expression recognition (FER) algorithm called Spatial Temporal Semantic Graph Network (STSGN) is proposed to automatically learn spatial and temporal patterns through end-to-end feature learning from facial topology structure. The proposed algorithm not only has greater discriminative power to capture the dynamic patterns of facial expression and stronger generalization capability to handle different variations but also higher interpretability. Experimental evaluation on two popular datasets, CK+ and Oulu-CASIA, shows that our algorithm achieves more competitive results than other state-of-the-art methods.

This paper proposes a stream cipher algorithm. Its main principle is conducting the binary random dynamic hash with the help of key. At the same time of calculating the hash mapping address of plaintext, change the value of plaintext through bits scrambling, and then map it to the ciphertext space. This encryption method has strong randomness, and the design of hash functions and bits scrambling is flexible and diverse, which can constitute a set of encryption and decryption methods. After testing, the code evenness of the ciphertext obtained using this method is higher than that of the traditional method under some extreme conditions..

Clustering is a concept in data mining, which divides a data set into different classes or clusters according to a specific standard, making the similarity of data objects in the same cluster as large as possible. Clustering by fast search and find of density peaks (DPC) is a novel clustering algorithm based on density. It is simple and novel, only requiring fewer parameters to achieve better clustering effect, without the requirement for iterative solution. And it has expandability and can detect the clustering of any shape. However, DPC algorithm still has some defects, such as it employs the clear neighborhood relations to calculate local density, so it cannot identify the neighborhood membership of different values of points from the distance of points and It is impossible to accurately cluster the data of the multi-density peak. The fuzzy neighborhood density peak clustering algorithm is proposed for this shortcoming (F-DPC): novel local density is defined by the fuzzy neighborhood relationship. The fuzzy set theory can be used to make the fuzzy neighborhood function of local density more sensitive, so that the clustering for data set of various shapes and densities is more robust. Experiments show that the algorithm has high accuracy and robustness.

Since 2018, a broad class of microarchitectural attacks called transient execution attacks (e.g., Spectre and Meltdown) have been disclosed. By abusing speculative execution mechanisms in modern CPUs, these attacks enable adversaries to leak secrets across security boundaries. A transient execution attack typically evolves through multiple stages, termed the attack chain. We find that current transient execution attacks usually rely on static attack chains, resulting in that any blockage in an attack chain may cause the failure of the entire attack. In this paper, we propose a novel defense-aware framework, called TEADS, for synthesizing transient execution attacks dynamically. The main idea of TEADS is that: each attacking stage in a transient execution attack chain can be implemented in several ways, and the implementations used in different attacking stages can be combined together under certain constraints. By constructing an attacking graph representing combination relationships between the implementations and testing available paths in the attacking graph dynamically, we can finally synthesize transient execution attacks which can bypass the imposed defense techniques. Our contributions include: (1) proposing an automated defense-aware framework for synthesizing transient execution attacks, even though possible combinations of defense strategies are enabled; (2) presenting an attacking graph extension algorithm to detect potential attack chains dynamically; (3) implementing TEADS and testing it on several modern CPUs with different protection settings. Experimental results show that TEADS can bypass the defenses equipped, improving the adaptability and durability of transient execution attacks.

Vehicular Ad-Hoc Networks (VANET) are liable to the Black, Worm and Gray Hole attacks because of the broadcast nature of the wireless medium and a lack of authority standards. Black Hole attack covers the situation when a malicious node uses its routing protocol in order to publicize itself for having the shortest route to the destination node. This aggressive node publicizes its availability of fresh routes regardless of checking its routing table. The consequences of these attacks could lead not only to the broken infrastructure, but could cause hammering people's lives. This paper aims to investigate and compare methods for preventing such types of attacks in a VANET.

As a promising solution of spectrum shortage, spectrum sharing has received tremendous interests recently. However, under different sharing policies of different licensees, the shared spectrum is heterogeneous both temporally and spatially, and is usually uncertain due to the unpredictable activities of incumbent users. In this paper, considering the spectrum uncertainty, we propose a spectrum sharing based delay-tolerant traffic off-loading (SDTO) scheme. To capture the available heterogeneous shared bands, we adopt a mesh cognitive radio network and employ the multi-hop transmission mode. To statistically guarantee the end-to-end (E2E) session request under the uncertain spectrum supply, we formulate the SDTO scheme into a stochastic optimization problem, which is transformed into a mixed integer nonlinear programming (MINLP) problem. Then, a coarse-fine search based iterative heuristic algorithm is proposed to solve the MINLP problem. Simulation results demonstrate that the proposed SDTO scheme can well schedule the network resource with an E2E session guarantee.

Due to the network topology high dynamic changes, the number of ground users and the impact of uneven traffic, the load difference between SDN-based satellite network controllers varies widely, which will cause network performance such as network delay and throughput to drop dramatically. Aiming at the above problems, a multi-controller optimized deployment strategy of satellite network based on SDN was proposed. First, the controller's load state is divided into four types: overload state, high load state, normal state, and idle state; second, when a controller in the network is idle, the switch under its jurisdiction is migrated to the adjacent low load controller and turn off the controller to reduce waste of resources. When the controller is in a high-load state and an overload state, consider both the controller and the switch, and migrate the high-load switch to the adjacent low-load controller. Balance the load between controllers, improve network performance, and improve network performance and network security. Simulation results show that the method has an average throughput improvement of 2.7% and a delay reduction of 3.1% compared with MCDALB and SDCLB methods.

Software Defined Network (SDN) is a new type of network architecture solution, and its innovation lies in decoupling traditional network system into a control plane, a data plane, and an application plane. It logically implements centralized control and management of the network, and SDN is considered to represent the development trend of the network in the future. However, SDN still faces many security challenges. Currently, the number of insecure devices is huge. Distributed Denial of Service (DDoS) attacks are one of the major network security threats.This paper focuses on the detection and mitigation of DDoS attacks in SDN. Firstly, we explore a solution to detect DDoS using Renyi entropy, and we use exponentially weighted moving average algorithm to set a dynamic threshold to adapt to changes of the network. Second, to mitigate this threat, we analyze the historical behavior of each source IP address and score it to determine the malicious source IP address, and use OpenFlow protocol to block attack source.The experimental results show that the scheme studied in this paper can effectively detect and mitigate DDoS attacks.

Security services and share information is provided by the computer network. The computer network is by default there is not security. The Attackers can use this provision to hack and steal private information. Confidentiality, creation, changes, and truthful of data is will be big problems in the network. Many types of research have given many methods regarding this, from these methods Generating Initial Chromosome Key called Generating Dynamic Chromosome Key (GDCK), which is a novel approach. With the help of the RSA (Rivest Shamir Adleman) algorithm, GICK and GDCK have created an initial key. The proposed method has produced new techniques using genetic fitness function for the sender and receiver. The outcome of GICK and GDCK has been verified by NIST (National Institute of Standards Technology) tools and analyzes randomness of auto-generated keys with various methods. The proposed system has involved three examines; it has been yield better P-Values 6.44, 7.05, and 8.05 while comparing existing methods.

Particle swarm optimization (PSO), as a kind of swarm intelligence algorithm, has the advantages of simple algorithm principle, less programmable parameters and easy programming. Many scholars have applied particle swarm optimization (PSO) to various fields through learning it, and successfully solved linear problems, nonlinear problems, multiobjective optimization and other problems. However, the algorithm also has obvious problems in solving problems, such as slow convergence speed, too early maturity, falling into local optimization in advance, etc., which makes the convergence speed slow, search the optimal value accuracy is not high, and the optimization effect is not ideal. Therefore, many scholars have improved the particle swarm optimization algorithm. Taking into account the improvement ideas proposed by scholars in the early stage and the shortcomings still existing in the improvement, this paper puts forward the idea of improving particle swarm optimization algorithm in the future.

The papers in this special section explore recent advancements in parallel graph processing. In the sphere of modern data science and data-driven applications, graph algorithms have achieved a pivotal place in advancing the state of scientific discovery and knowledge. Nearly three centuries of ideas have made graph theory and its applications a mature area in computational sciences. Yet, today we find ourselves at a crossroads between theory and application. Spurred by the digital revolution, data from a diverse range of high throughput channels and devices, from across internet-scale applications, are starting to mark a new era in data-driven computing and discovery. Building robust graph models and implementing scalable graph application frameworks in the context of this new era are proving to be significant challenges. Concomitant to the digital revolution, we have also experienced an explosion in computing architectures, with a broad range of multicores, manycores, heterogeneous platforms, and hardware accelerators (CPUs, GPUs) being actively developed and deployed within servers and multinode clusters. Recent advances have started to show that in more than one way, these two fields—graph theory and architectures–are capable of benefiting and in fact spurring new research directions in one another. This special section is aimed at introducing some of the new avenues of cutting-edge research happening at the intersection of graph algorithm design and their implementation on advanced parallel architectures.

In this paper, decentralized dynamic power allocation problem has been investigated for mobile ad hoc network (MANET) at tactical edge. Due to the mobility and self-organizing features in MANET and environmental uncertainties in the battlefield, many existing optimal power allocation algorithms are neither efficient nor practical. Furthermore, the continuously increasing large scale of the wireless connection population in emerging Internet of Battlefield Things (IoBT) introduces additional challenges for optimal power allocation due to the “Curse of Dimensionality”. In order to address these challenges, a novel Actor-Critic-Mass algorithm is proposed by integrating the emerging Mean Field game theory with online reinforcement learning. The proposed approach is able to not only learn the optimal power allocation for IoBT in a decentralized manner, but also effectively handle uncertainties from harsh environment at tactical edge. In the developed scheme, each agent in IoBT has three neural networks (NN), i.e., 1) Critic NN learns the optimal cost function that minimizes the Signal-to-interference-plus-noise ratio (SINR), 2) Actor NN estimates the optimal transmitter power adjustment rate, and 3) Mass NN learns the probability density function of all agents' transmitting power in IoBT. The three NNs are tuned based on the Fokker-Planck-Kolmogorov (FPK) and Hamiltonian-Jacobian-Bellman (HJB) equation given in the Mean Field game theory. An IoBT wireless network has been simulated to evaluate the effectiveness of the proposed algorithm. The results demonstrate that the actor-critic-mass algorithm can effectively approximate the probability distribution of all agents' transmission power and converge to the target SINR. Moreover, the optimal decentralized power allocation is obtained through integrated mean-field game theory with reinforcement learning.

FastChain is a simulator built in NS-3 which simulates the networked battlefield scenario with military applications, connecting tankers, soldiers and drones to form Internet-of-Battlefield-Things (IoBT). Computing, storage and communication resources in IoBT are limited during certain situations in IoBT. Under these circumstances, these resources should be carefully combined to handle the task to accomplish the mission. FastChain simulator uses Sharding approach to provide an efficient solution to combine resources of IoBT devices by identifying the correct and the best set of IoBT devices for a given scenario. Then, the set of IoBT devices for a given scenario collaborate together for sharding enabled Blockchain technology. Interested researchers, policy makers and developers can download and use the FastChain simulator to design, develop and evaluate blockchain enabled IoBT scenarios that helps make robust and trustworthy informed decisions in mission-critical IoBT environment.

The Rowhammer bug is a novel micro-architectural security threat, enabling powerful privilege-escalation attacks on various mainstream platforms. It works by actively flipping bits in Dynamic Random Access Memory (DRAM) cells with unprivileged instructions. In order to set up Rowhammer against binaries in the Linux page cache, the Waylaying algorithm has previously been proposed. The Waylaying method stealthily relocates binaries onto exploitable physical addresses without exhausting system memory. However, the proof-of-concept Waylaying algorithm can be easily detected during page cache eviction because of its high disk I/O overhead and long running time. This paper proposes the more advanced Memway algorithm, which improves on Waylaying in terms of both I/O overhead and speed. Running time and disk I/O overhead are reduced by 90% by utilizing Linux tmpfs and inmemory swapping to manage eviction files. Furthermore, by combining Memway with the unprivileged posix fadvise API, the binary relocation step is made 100 times faster. Equipped with our Memway+fadvise relocation scheme, we demonstrate practical Rowhammer attacks that take only 15-200 minutes to covertly relocate a victim binary, and less than 3 seconds to flip the target instruction bit.

In this paper, we investigate the protection mechanism of source location privacy, in which back-tracing attack is performed by an adversary. A dynamic and disjoint routing mechanism (DDRM) is proposed to achieve a strong protection for source location privacy in an energy-efficient manner. Specially, the selection of intermediate node renders the message transmission randomly and flexibly. By constructing k disjoint paths, an adversary could not receive sufficient messages to locate the source node. Simulation results illustrate the effectiveness of the proposed mechanism.

Wireless sensor networks (WSNs) have the potential to be widely used in many applications. Due to lack of a protected physical boundary, wireless communications are vulnerable to unauthorized interception and detection. While encryption can provide the integrality and confidentiality of the message, it is much more difficult to adequately address the source location privacy. For static deployed WSNs, adversary can easily perform trace-back attack to locate the source nodes by monitoring the traffic. The eavesdropped messages will leak the direction information of the source location by statistic analysis on traffic flow. In this paper, we propose a theoretical analysis measurement to address the quantitative amount of the information leakage from the eavesdropped message. Through this scheme, we analyze the conditions that satisfy the optimum protection for routing protocol design. Based on the proposed principle, we design a routing algorithm to minimize the information leakage by distributing the routing path uniformly in WSN. The theoretical analysis shows the proposed routing algorithm can provide approximate maximization of source location privacy. The simulation results show the proposed routing algorithm is very efficient and can be used for practical applications.

The safety of critical cyber-physical IoT devices hinges on the security of their embedded software that implements control algorithms for monitoring and control of the associated physical processes, e.g., robotics and drones. Reverse engineering of the corresponding embedded controller software binaries enables their security analysis by extracting high-level, domain-specific, and cyber-physical execution semantic information from executables. We present MISMO, a domain-specific reverse engineering framework for embedded binary code in emerging cyber-physical IoT control application domains. The reverse engineering outcomes can be used for firmware vulnerability assessment, memory forensics analysis, targeted memory data attacks, or binary patching for dynamic selective memory protection (e.g., important control algorithm parameters). MISMO performs semantic-matching at an algorithmic level that can help with the understanding of any possible cyber-physical security flaws. MISMO compares low-level binary symbolic values and high-level algorithmic expressions to extract domain-specific semantic information for the binary's code and data. MISMO enables a finer-grained understanding of the controller by identifying the specific control and state estimation algorithms used. We evaluated MISMO on 2,263 popular firmware binaries by 30 commercial vendors from 6 application domains including drones, self-driving cars, smart homes, robotics, 3D printers, and the Linux kernel controllers. The results show that MISMO can accurately extract the algorithm-level semantics of the embedded binary code and data regions. We discovered a zero-day vulnerability in the Linux kernel controllers versions 3.13 and above.

With the proposal of the national industrial 4.0 strategy, the integration of industrial control network and Internet technology is getting higher and higher. At the same time, the closeness of industrial control networks has been broken to a certain extent, making the problem of industrial control network security increasingly serious. S7 protocol is a private protocol of Siemens Company in Germany, which is widely used in the communication process of industrial control network. In this paper, an industrial control intrusion detection model based on S7 protocol is proposed. Traditional protocol parsing technology cannot resolve private industrial control protocols, so, this model uses deep analysis algorithm to realize the analysis of S7 data packets. At the same time, in order to overcome the complexity and portability of static white list configuration, this model dynamically builds a white list through white list self-learning algorithm. Finally, a composite intrusion detection method combining white list detection and abnormal behavior detection is used to detect anomalies. The experiment proves that the method can effectively detect the abnormal S7 protocol packet in the industrial control network.