Biblio

We address the problem of distributed state estimation of a linear dynamical process in an attack-prone environment. A network of sensors, some of which can be compromised by adversaries, aim to estimate the state of the process. In this context, we investigate the impact of making a small subset of the nodes immune to attacks, or “trusted”. Given a set of trusted nodes, we identify separate necessary and sufficient conditions for resilient distributed state estimation. We use such conditions to illustrate how even a small trusted set can achieve a desired degree of robustness (where the robustness metric is specific to the problem under consideration) that could otherwise only be achieved via additional measurement and communication-link augmentation. We then establish that, unfortunately, the problem of selecting trusted nodes is NP-hard. Finally, we develop an attack-resilient, provably-correct distributed state estimation algorithm that appropriately leverages the presence of the trusted nodes.

At present, the network architecture is based on the TCP/IP protocol and node communications are achieved by the IP address and identifier of the node. The IP address in the network remains basically unchanged, so it is more likely to be attacked by network intruder. To this end, it is important to make periodic dynamic hopping in a specific address space possible, so that an intruder fails to obtain the internal network address and grid topological structure in real time and to continue to perform infiltration by the building of a new address space layout randomization system on the basis of SDN from the perspective of an attacker.

As a new generation of network architecture with subversive changes to traditional IP networks, Content Centric Networks (CCN) has attracted widespread attention from domestic and foreign scholars for its efficient content distribution, multi-path and secure routing features. The design architecture of CCN network has many advantages. However, it is also easily used illegally, which brings certain security problems. For example, objectified network resources which include requesters, publishers, content and node routes, are faced with many security threats, such as privacy attribute disclosure, privacy detection, content information disclosure, and spoofing and denial of service attacks. A node routing security scheme based on dynamic reputation value is proposed for the security problem of node routing. It is convenient for detecting node routing attacks and defending in time. And it could provide security for the Content Centric Networks node routing without affecting the node routing advantages and normal user requests.

This paper investigates the effectiveness of reinforcement learning (RL) model in clustering as an approach to achieve higher network scalability in distributed cognitive radio networks. Specifically, it analyzes the effects of RL parameters, namely the learning rate and discount factor in a volatile environment, which consists of member nodes (or secondary users) that launch attacks with various probabilities of attack. The clusterhead, which resides in an operating region (environment) that is characterized by the probability of attacks, countermeasures the malicious SUs by leveraging on a RL model. Simulation results have shown that in a volatile operating environment, the RL model with learning rate α= 1 provides the highest network scalability when the probability of attacks ranges between 0.3 and 0.7, while the discount factor γ does not play a significant role in learning in an operating environment that is volatile due to attacks.

Mobile Ad hoc Network (MANET) is the collection of mobile devices which could change the locations and configure themselves without a centralized base point. Mobile Ad hoc Networks are vulnerable to attacks due to its dynamic infrastructure. The routing attacks are one among the possible attacks that causes damage to MANET. This paper gives a new method of risk aware response technique which is combined version the Dijkstra's shortest path algorithm and Destination Sequenced Distance Vector (DSDV) algorithm. This can reduce black hole attacks. Dijkstra's algorithm finds the shortest path from the single source to the destination when the edges have positive weights. The DSDV is an improved version of the conventional technique by adding the sequence number and next hop address in each routing table.

OpenFlow has been the main standard protocol of software defined networking (SDN) since the launch of this new networking paradigm. It is a programmable network protocol that controls traffic flows among switches and routers regardless of their platforms. Its security relies on the optional implementation of Transport Layer Security (TLS) which has been proven vulnerable. The aim of this research was to develop a secured OpenFlow, so-called Secured-OF. A stateful firewall was used to store state information for further analysis. Dynamic Bayesian Network (DBN) was used to learn denial-of-service attack and distributed denial-of-service attack. It analyzes packet states to determine the nature of an attack and adds that piece of information to the flow table entry. The proposed Secured-OF model in Ryu controller was evaluated with several performance metrics. The analytical evaluation of the proposed Secured-OF scheme was performed on an emulated network. The results showed that the proposed Secured-OF scheme offers a high attack detection accuracy at 99.5%. In conclusion, it was able to improve the security of the OpenFlow controller dramatically with trivial performance degradation compared to an SDN with no security implementation.

Many applications use asymmetric cryptography to secure communications between two parties. One of the main issues with asymmetric cryptography is the need for vast amounts of computation and storage. While this may be true, elliptic curve cryptography (ECC) is an approach to asymmetric cryptography used widely in low computation devices due to its effectiveness in generating small keys with a strong encryption mechanism. The ECC decreases power consumption and increases device performance, thereby making it suitable for a wide range of devices, ranging from sensors to the Internet of things (IoT) devices. It is necessary for the ECC to have a strong implementation to ensure secure communications, especially when encoding a message to an elliptic curve. It is equally important for the ECC to secure the mapping of the message to the curve used in the encryption. This work objective is to propose a trusted and proofed scheme that offers authenticated encryption (AE) for both encoding and mapping a message to the curve. In addition, this paper provides analytical results related to the security requirements of the proposed scheme against several encryption techniques. Additionally, a comparison is undertaken between the SE-Enc and other state-of-the-art encryption schemes to evaluate the performance of each scheme.

Advanced Persistent Threat (APT) attack has the characteristics of complex attack means, long duration and great harmfulness. Based on the idea of dynamic deception, the paper proposed an APT defense system framework, and analyzed the deception defense process. The paper proposed a hybrid encryption communication mechanism based on socket, a dynamic IP address generation method based on SM4, a dynamic timing selection method based on Viterbi algorithm and a dynamic policy allocation mechanism based on DHCPv6. Tests show that the defense system can dynamically change and effectively defense APT attacks.

Information security is a top priority in government and industry because high consequence cyber incidents continue with regularity. The blue teamers that protect cyber systems cannot stop or even know about all these incidents, so they must take measures to tolerate these incursions in addition to preventing and detecting them. We propose dynamically compartmentalizing subject networks into collaboration zones and limiting the communication between these zones. In this article, we demonstrate this technique's effect on the attacker and the defender for various parameter settings using discrete-time simulation. Based on our results, we conclude that dynamic cyber zone defense is a viable intrusion tolerance technique and should be considered for technology transfer.

Code obfuscation is the de facto standard to protect intellectual property when delivering code in an unmanaged environment. It relies on additive layers of code tangling techniques, white-box encryption calls and platform-specific or tool-specific countermeasures to make it harder for a reverse engineer to access critical pieces of data or to understand core algorithms. The literature provides plenty of different obfuscation techniques that can be used at compile time to transform data or control flow in order to provide some kind of protection against different reverse engineering scenarii. Scheduling code transformations to optimize a given metric is known as the pass scheduling problem, a problem known to be NP-hard, but solved in a practical way using hard-coded sequences that are generally satisfactory. Adding code obfuscation to the problem introduces two new dimensions. First, as a code obfuscator needs to find a balance between obfuscation and performance, pass scheduling becomes a multi-criteria optimization problem. Second, obfuscation passes transform their inputs in unconventional ways, which means some pass combinations may not be desirable or even valid. This paper highlights several issues met when blindly chaining different kind of obfuscation and optimization passes, emphasizing the need of a formal model to combine them. It proposes a non-intrusive formalism to leverage on sequential pass management techniques. The model is validated on real-world scenarii gathered during the development of an industrial-strength obfuscator on top of the LLVM compiler infrastructure.

Two design techniques improve the robustness of Whitenoise encryption algorithm implementation to side-channel attacks based on dynamic and/or static power consumption. The first technique conceals the power consumption and has linear cost. The second technique randomizes the power consumption and has quadratic cost. These techniques are not mutually exclusive; their synergy provides a good robustness to power analysis attacks. Other circuit-level protection can be applied on top of the proposed techniques, opening the avenue for generating very robust implementations.

This paper proposes a distributed fixed-time based secondary controller for the DC microgrids (MGs) to overcome the drawbacks of conventional droop control. The controller, based on a distributed fixed-time control approach, can remove the DC voltage deviation and provide proportional current sharing simultaneously within a fixed-time. Comparing with the conventional centralized secondary controller, the controller, using the dynamic consensus, on each converter communicates only with its neighbors on a communication graph which increases the convergence speed and gets an improved performance. The proposed control strategy is simulated in PLECS to test the controller performance, link-failure resiliency, plug and play capability and the feasibility under different time delays.

This paper studies the deletion propagation problem in terms of minimizing view side-effect. It is a problem funda-mental to data lineage and quality management which could be a key step in analyzing view propagation and repairing data. The investigated problem is a variant of the standard deletion propagation problem, where given a source database D, a set of key preserving conjunctive queries Q, and the set of views V obtained by the queries in Q, we try to identify a set T of tuples from D whose elimination prevents all the tuples in a given set of deletions on views △V while preserving any other results. The complexity of this problem has been well studied for the case with only a single query. Dichotomies, even trichotomies, for different settings are developed. However, no results on multiple queries are given which is a more realistic case. We study the complexity and approximations of optimizing the side-effect on the views, i.e., find T to minimize the additional damage on V after removing all the tuples of △V. We focus on the class of key-preserving conjunctive queries which is a dichotomy for the single query case. It is surprising to find that except the single query case, this problem is NP-hard to approximate within any constant even for a non-trivial set of multiple project-free conjunctive queries in terms of view side-effect. The proposed algorithm shows that it can be approximated within a bound depending on the number of tuples of both V and △V. We identify a class of polynomial tractable inputs, and provide a dynamic programming algorithm to solve the problem. Besides data lineage, study on this problem could also provide important foundations for the computational issues in data repairing. Furthermore, we introduce some related applications of this problem, especially for query feedback based data cleaning.

Network based attacks on ecommerce websites can have serious economic consequences. Hence, anomaly detection in dynamic network traffic has become an increasingly important research topic in recent years. This paper proposes a novel dynamic Graph and sparse Autoencoder based Anomaly Detection algorithm named GAAD. In GAAD, the network traffic over contiguous time intervals is first modelled as a series of dynamic bipartite graph increments. One mode projection is performed on each bipartite graph increment and the adjacency matrix derived. Columns of the resultant adjacency matrix are then used to train a sparse autoencoder to reconstruct it. The sum of squared errors between the reconstructed approximation and original adjacency matrix is then calculated. An online learning algorithm is then used to estimate a Gaussian distribution that models the error distribution. Outlier error values are deemed to represent anomalous traffic flows corresponding to possible attacks. In the experiment, a network emulator was used to generate representative ecommerce traffic flows over a time period of 225 minutes with five attacks injected, including SYN scans, host emulation and DDoS attacks. ROC curves were generated to investigate the influence of the autoencoder hyper-parameters. It was found that increasing the number of hidden nodes and their activation level, and increasing sparseness resulted in improved performance. Analysis showed that the sparse autoencoder was unable to encode the highly structured adjacency matrix structures associated with attacks, hence they were detected as anomalies. In contrast, SVD and variants, such as the compact matrix decomposition, were found to accurately encode the attack matrices, hence they went undetected.

In this paper, an image encryption scheme based on dynamic DNA sequence and two dimension logistic map is proposed. Firstly two different pseudo random sequences are generated using two dimension Sine-Henon alteration map. These sequences are used for altering the positions of each pixel of plain image row wise and column wise respectively. Secondly each pixels of distorted image and values of random sequences are converted into a DNA sequence dynamically using one dimension logistic map. Reversible DNA operations are applied between DNA converted pixel and random values. At last after decoding the results of DNA operations cipher image is obtained. Different theoretical analyses and experimental results proved the effectiveness of this algorithm. Large key space proved that it is possible to protect different types of attacks using our proposed encryption scheme.

Today the frequency of technological transformations is very high. In order to cope up with these, there is a demand for fast processing and secured algorithms should be proposed for data exchange. In this paper, Advanced Encryption Standard (AES) is modified using DNA cryptography for fast processing and dynamic S-boxes are introduced to develop an attack resistant algorithm. This is strengthened by combining symmetric and asymmetric algorithms. Diffie-Hellman key exchange is used for AES key generation and also for secret number generation used for creation of dynamic S-boxes. The proposed algorithm is fast in computation and can resist cryptographic attacks like linear and differential cryptanalysis attacks.

Differential privacy, which is due to its rigorous mathematical proof and strong privacy guarantee, has become a standard for the release of statistics with privacy protection. Recently, a lot of dynamic data publishing algorithms based on differential privacy have been proposed, but most of the algorithms use a native method to allocate the privacy budget. That is, the limited privacy budget is allocated to each time point uniformly, which may result in the privacy budget being unreasonably utilized and reducing the utility of data. In order to make full use of the limited privacy budget in the dynamic data publishing and improve the utility of data publishing, we propose a dynamic data publishing algorithm based on reinforcement learning in this paper. The algorithm consists of two parts: privacy budget allocation and data release. In the privacy budget allocation phase, we combine the idea of reinforcement learning and the changing characteristics of dynamic data, and establish a reinforcement learning model for the allocation of privacy budget. Finally, the algorithm finds a reasonable privacy budget allocation scheme to publish dynamic data. In the data release phase, we also propose a new dynamic data publishing strategy to publish data after the privacy budget is exhausted. Extensive experiments on real datasets demonstrate that our algorithm can allocate the privacy budget reasonably and improve the utility of dynamic data publishing.

Multi-tag identification technique has been applied widely in the RFID system to increase flexibility of the system. However, it also brings serious tags collision issues, which demands the efficient anti-collision schemes. In this paper, we propose a Multi-target tags assignment slots algorithm based on Hash function (MTSH) for efficient multi-tag identification. The proposed algorithm can estimate the number of tags and dynamically adjust the frame length. Specifically, according to the number of tags, the proposed algorithm is composed of two cases. when the number of tags is small, a hash function is constructed to map the tags into corresponding slots. When the number of tags is large, the tags are grouped and randomly mapped into slots. During the tag identification, tags will be paired with a certain matching rate and then some tags will exit to improve the efficiency of the system. The simulation results indicate that the proposed algorithm outperforms the traditional anti-collision algorithms in terms of the system throughput, stability and identification efficiency.

In the Network on Chip (NoC), performance optimization has always been a research focus. Compared with the static routing scheme, dynamical routing schemes can better reduce the data of packet transmission latency under network congestion. In this paper, we propose a dynamical Q-learning routing approach with real-time monitoring of NoC. Firstly, we design a real-time monitoring scheme and the corresponding circuits to record the status of traffic congestion for NoC. Secondly, we propose a novel method of Q-learning. This method finds an optimal path based on the lowest traffic congestion. Finally, we dynamically redistribute network tasks to increase the packet transmission speed and balance the traffic load. Compared with the C-XY routing and DyXY routing, our method achieved improvement in terms of 25.6%-49.5% and 22.9%-43.8%.

As a cyber attack which leverages social engineering and other sophisticated techniques to steal sensitive information from users, phishing attack has been a critical threat to cyber security for a long time. Although researchers have proposed lots of countermeasures, phishing criminals figure out circumventions eventually since such countermeasures require substantial manual feature engineering and can not detect newly emerging phishing attacks well enough, which makes developing an efficient and effective phishing detection method an urgent need. In this work, we propose a novel phishing website detection approach by detecting the Uniform Resource Locator (URL) of a website, which is proved to be an effective and efficient detection approach. To be specific, our novel capsule-based neural network mainly includes several parallel branches wherein one convolutional layer extracts shallow features from URLs and the subsequent two capsule layers generate accurate feature representations of URLs from the shallow features and discriminate the legitimacy of URLs. The final output of our approach is obtained by averaging the outputs of all branches. Extensive experiments on a validated dataset collected from the Internet demonstrate that our approach can achieve competitive performance against other state-of-the-art detection methods while maintaining a tolerable time overhead.

Influence Maximization is an important research content in the dissemination process of information and behavior in social networks. Because Hill Climbing and Greedy Algorithm have good dissemination effect on this topic, researchers have used it to solve this NP problem for a long time. These algorithms only consider the number of active nodes in each round, ignoring the characteristic that the influence will be accumulated, so its effect is still far from the optimal solution. Also, the time complexity of these algorithms is considerable. Aiming at the problem of Influence Maximization, this paper improves the traditional Hill Climbing and Greedy Algorithm. We propose a Hybrid Distribution Value Accumulation Algorithm for Influence Maximization, which has better activation effect than Hill Climbing and Greedy Algorithm. In the first stage of the algorithm, the region is numerically accumulating rapidly and is easy to activate through value-greed. Experiments are conducted on two data sets: the voting situation on Wikipedia and the transmission situation of Gnutella node-to-node file sharing network. Experimental results verify the efficiency of our methods.

We propose a reinforcement learning based online multi-tenant secret-key assignment algorithm for quantum key distribution networks, capable of reducing tenant-request blocking probability more than half compared to the benchmark heuristics.

Heterogeneous Networks (Het Nets) are introduced to fulfill the increasing demands of wireless communications. To be manageable, it is expected that these networks are self-organized and in particular, self-healing to detect and relief faults autonomously. In the Cooperative Cell Outage Detection (COD), the Macro-Base Station (MBS) and a group of Femto-Base Stations (FBSs) in a specific range are cooperatively communicating to find out if each FBS is working properly or not. In this paper, we discuss the impacts of the cooperation range on the detection delay and accuracy and then conclude that there is an optimal amount for cooperation range which maximizes detection accuracy. We then derive the optimal cooperative range that improves the detection accuracy by using network parameters such as FBS's transmission power, noise power, shadowing fading factor, and path-loss exponent and investigate the impacts of these parameters on the optimal cooperative range. The simulation results show the optimal cooperative range that we proposed maximizes the detection accuracy.

Containers have become increasingly popular for deploying applications in cloud computing infrastructures. However, recent studies have shown that containers are prone to various security attacks. In this paper, we conduct a study on the effectiveness of various vulnerability detection schemes for containers. Specifically, we implement and evaluate a set of static and dynamic vulnerability attack detection schemes using 28 real world vulnerability exploits that widely exist in docker images. Our results show that the static vulnerability scanning scheme only detects 3 out of 28 tested vulnerabilities and dynamic anomaly detection schemes detect 22 vulnerability exploits. Combining static and dynamic schemes can further improve the detection rate to 86% (i.e., 24 out of 28 exploits). We also observe that the dynamic anomaly detection scheme can achieve more than 20 seconds lead time (i.e., a time window before attacks succeed) for a group of commonly seen attacks in containers that try to gain a shell and execute arbitrary code.

In the modern day and age, credential based authentication systems no longer provide the level of security that many organisations and their services require. The level of trust in passwords has plummeted in recent years, with waves of cyber attacks predicated on compromised and stolen credentials. This method of authentication is also heavily reliant on the individual user's choice of password. There is the potential to build levels of security on top of credential based authentication systems, using a risk based approach, which preserves the seamless authentication experience for the end user. One method of adding this security to a risk based authentication framework, is keystroke dynamics. Monitoring the behaviour of the users and how they type, produces a type of digital signature which is unique to that individual. Learning this behaviour allows dynamic flags to be applied to anomalous typing patterns that are produced by attackers using stolen credentials, as a potential risk of fraud. Methods from statistics and machine learning have been explored to try and implement such solutions. This paper will look at an Autoencoder model for learning the keystroke dynamics of specific users. The results from this paper show an improvement over the traditional tried and tested statistical approaches with an Equal Error Rate of 6.51%, with the additional benefits of relatively low training times and less reliance on feature engineering.