Biblio

From an information-theoretic standpoint, the intrusion detection process can be examined. Given the IDS output(alarm data), we should have less uncertainty regarding the input (event data). We propose the Capability of Intrusion Detection (CID) measure, which is simply the ratio of mutual information between IDS input and output, and the input of entropy. CID has the desirable properties of (1) naturally accounting for all important aspects of detection capability, such as true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate, (2) objectively providing an intrinsic measure of intrusion detection capability, and (3) being sensitive to IDS operation parameters. When finetuning an IDS, we believe that CID is the best performance metric to use. In terms of the IDS’ inherent ability to classify input data, the so obtained operation point is the best that it can achieve.

All-or-nothing transforms (AONT) were proposed by Rivest as a message preprocessing technique for encrypting data to protect against brute-force attacks, and have many applications in cryptography and information security. Later the unconditionally secure AONT and their combinatorial characterization were introduced by Stinson. Informally, a combinatorial AONT is an array with the unbiased requirements and its security properties in general depend on the prior probability distribution on the inputs s-tuples. Recently, it was shown by Esfahani and Stinson that a combinatorial AONT has perfect security provided that all the inputs s-tuples are equiprobable, and has weak security provided that all the inputs s-tuples are with non-zero probability. This paper aims to explore on the gap between perfect security and weak security for combinatorial (t, s, v)-AONTs. Concretely, we consider the typical scenario that all the s inputs take values independently (but not necessarily identically) and quantify the amount of information H(\textbackslashmathcalX\textbackslashmid \textbackslashmathcalY) about any t inputs \textbackslashmathcalX that is not revealed by any s−t outputs \textbackslashmathcalY. In particular, we establish the general lower and upper bounds on H(\textbackslashmathcalX\textbackslashmid \textbackslashmathcalY) for combinatorial AONTs using information-theoretic techniques, and also show that the derived bounds can be attained in certain cases.

Building occupancy data helps increase energy management systems’ performance, enabling lower energy use while preserving occupant comfort. The focus of this study is employing environmental data (e.g., including but not limited to temperature, humidity, carbon dioxide (CO2), etc.) to infer occupancy information. This will be achieved by exploring the application of information theory metrics with machine learning (ML) approaches to classify occupancy levels for a given dataset. Three datasets and six distinct ML algorithms were used in a comparative study to determine the best strategy for identifying occupancy patterns. It was determined that both k-nearest neighbors (kNN) and random forest (RF) identify occupancy labels with the highest overall level of accuracy, reaching 97.99% and 98.56%, respectively.

In order to better cultivate engineering and application-oriented cryptographic talents, it is urgent to establish a joint school enterprise cryptographic laboratory. However, there is a core problem in the existing school enterprise joint laboratory construction scheme: the enterprise is not specialized and has insufficient cooperation ability, which can not effectively realize the effective integration of resources and mutual benefit and win-win results. To solve this problem, we propose a comprehensive evaluation model of cooperative enterprises based on entropy weight method and grey correlation analysis. Firstly, the multi-level evaluation index system of the enterprise is established, and the entropy weight method is used to objectively weight the index. After that, the grey weighted correlation degree between each enterprise and the virtual optimal enterprise is calculated by grey correlation analysis to compare the advantages and disadvantages of enterprises. Through the example analysis, it is proved that our method is effective and reliable, eliminating subjective factors, and providing a certain reference value for the construction of school enterprise joint cryptographic laboratory.

Encryption is essential for protecting sensitive data, especially images, against unauthorized access and exploitation. The goal of this work is to develop a more secure image encryption technique for image-based communication. The approach uses particle swarm optimization, chaotic map and magic square to offer an ideal encryption effect. This work introduces a novel encryption algorithm based on magic square. The image is first broken down into single-byte blocks, which are then replaced with the value of the magic square. The encrypted images are then utilized as particles and a starting assembly for the PSO optimization process. The correlation coefficient applied to neighboring pixels is used to define the ideal encrypted image as a fitness function. The results of the experiments reveal that the proposed approach can effectively encrypt images with various secret keys and has a decent encryption effect. As a result of the proposed work improves the public key method's security while simultaneously increasing memory economy.

Network attacks become more complicated with the improvement of technology. Traditional statistical methods may be insufficient in detecting constantly evolving network attack. For this reason, the usage of payload-based deep packet inspection methods is very significant in detecting attack flows before they damage the system. In the proposed method, features are extracted from the byte distributions in the payload and these features are provided to characterize the flows more deeply by using N-Gram analysis methods. The proposed procedure has been tested on IDS 2012 and 2017 datasets, which are widely used in the literature.

Most of the recent high-profile attacks targeting cyber-physical systems (CPS) started with lengthy reconnaissance periods that enabled attackers to gain in-depth understanding of the victim’s environment. To simulate these stealthy attacks, several covert channel tools have been published and proven effective in their ability to blend into existing CPS communication streams and have the capability for data exfiltration and command injection.In this paper, we report a novel machine learning feature engineering and data processing pipeline for the detection of covert channel attacks on CPS systems with real-time detection throughput. The system also operates at the network layer without requiring physical system domain-specific state modeling, such as voltage levels in a power generation system. We not only demonstrate the effectiveness of using TCP payload entropy as engineered features and the technique of grouping information into network flows, but also pitch the proposed detector against scenarios employing advanced evasion tactics, and still achieve above 99% detection performance.

Document scanning aims to transfer the captured photographs documents into scanned document files. However, current methods based on traditional or key point detection have the problem of low detection accuracy. In this paper, we were the first to propose a document processing system based on semantic segmentation. Our system uses OCRNet to segment documents. Then, perspective transformation and other post-processing algorithms are used to obtain well-scanned documents based on the segmentation result. Meanwhile, we optimized OCRNet's loss function and reached 97.25 MIoU on the test dataset.

We present a ternary source coding scheme in this paper, which is a special class of low density generator matrix (LDGM) codes. We prove that a ternary linear block LDGM code, whose generator matrix is randomly generated with each element independent and identically distributed, is universal for source coding in terms of the symbol-error rate (SER). To circumvent the high-complex maximum likelihood decoding, we introduce a special class of convolutional LDGM codes, called block Markov superposition transmission of repetition (BMST-R) codes, which are iteratively decodable by a sliding window algorithm. Then the presented BMST-R codes are applied to construct a tandem scheme for Gaussian source compression, where a dead-zone quantizer is introduced before the ternary source coding. The main advantages of this scheme are its universality and flexibility. The dead-zone quantizer can choose a proper quantization level according to the distortion requirement, while the LDGM codes can adapt the code rate to approach the entropy of the quantized sequence. Numerical results show that the proposed scheme performs well for ternary sources over a wide range of code rates and that the distortion introduced by quantization dominates provided that the code rate is slightly greater than the discrete entropy.

The selection of distribution network faults is of great significance to accurately identify the fault location, quickly restore power and improve the reliability of power supply. This paper mainly studies the fault phase selection method of distribution network based on wavelet singular entropy and deep belief network (DBN). Firstly, the basic principles of wavelet singular entropy and DBN are analyzed, and on this basis, the DBN model of distribution network fault phase selection is proposed. Firstly, the transient fault current data of the distribution network is processed to obtain the wavelet singular entropy of the three phases, which is used as the input of the fault phase selection model; then the DBN network is improved, and an artificial neural network (ANN) is introduced to make it a fault Select the phase classifier, and specify the output label; finally, use Simulink to build a simulation model of the IEEE33 node distribution network system, obtain a large amount of data of various fault types, generate a training sample library and a test sample library, and analyze the neural network. The adjustment of the structure and the training of the parameters complete the construction of the DBN model for the fault phase selection of the distribution network.

True Random Number Generator (TRNG) is an important hardware security primitive for system security. TRNGs are capable of providing random bits for initialization vectors in encryption engines, for padding and nonces in authentication protocols and for seeds to pseudo random number generators (PRNG). A TRNG needs to meet the same statistical quality standards as a physical unclonable function (PUF) with regard to randomness and uniqueness, and therefore one can envision a unified architecture for both functions. In this paper, we investigate a FPGA implementation of a TRNG using the Shift-register Reconvergent-Fanout (SiRF) PUF. The SiRF PUF measures path delays as a source of entropy within a engineered logic gate netlist. The delays are measured at high precision using a time-to-digital converter, and then processed into a random bitstring using a series of linear-time mathematical operations. The SiRF PUF algorithm that is used for key generation is reused for the TRNG, with simplifications that improve the bit generation rate of the algorithm. This enables the TRNG to leverage both fixed PUF-based entropy and random noise sources, and makes the TRNG resilient to temperature-voltage attacks. TRNG bitstrings generated from a programmable logic implementation of the SiRF PUF-TRNG on a set of FPGAs are evaluated using statistical testing tools.

Random numbers are essential for communications security, as they are widely employed as secret keys and other critical parameters of cryptographic algorithms. The Linux random number generator (LRNG) is the most popular open-source software-based random number generator (RNG). The security of LRNG is influenced by the overall design, especially the quality of entropy sources. Therefore, it is necessary to assess and quantify the quality of the entropy sources which contribute the main randomness to RNGs. In this paper, we perform an empirical study on the quality of entropy sources in LRNG with Linux kernel 5.6, and provide the following two findings. We first analyze two important entropy sources: jiffies and cycles, and propose a method to predict jiffies by cycles with high accuracy. The results indicate that, the jiffies can be correctly predicted thus contain almost no entropy in the condition of knowing cycles. The other important finding is the failure of interrupt cycles during system boot. The lower bits of cycles caused by interrupts contain little entropy, which is contrary to our traditional cognition that lower bits have more entropy. We believe these findings are of great significance to improve the efficiency and security of the RNG design on software platforms.

Sample-then-lock construction is a reusable fuzzy extractor for low-entropy sources. When applied on iris recognition scenarios, many subsets of an iris-code are used to lock the cryptographic key. The security of this construction relies on the entropy of subsets of iris codes. Simhadri et al. reported a security level of 32 bits on iris sources. In this paper, we propose two kinds of attacks to crack existing sample-then-lock schemes. Exploiting the low-entropy subsets, our attacks can break the locked key and the enrollment iris-code respectively in less than 220 brute force attempts. To protect from these proposed attacks, we design an improved sample-then-lock scheme. More precisely, our scheme employs stability and discriminability to select high-entropy subsets to lock the genuine secret, and conceals genuine locker by a large amount of chaff lockers. Our experiment verifies that existing schemes are vulnerable to the proposed attacks with a security level of less than 20 bits, while our scheme can resist these attacks with a security level of more than 100 bits when number of genuine subsets is 106.

Any type of engineered design requires metrics for trading off both desirable and undesirable properties. For integrated circuits, typical properties include circuit size, performance, power, etc., where for example, performance is a desirable property and power consumption is not. Security metrics, on the other hand, are extremely difficult to develop because there are active adversaries that intend to compromise the protected circuitry. This implies metric values may not be static quantities, but instead are measures that degrade depending on attack effectiveness. In order to deal with this dynamic aspect of a security metric, a general attack model is proposed that enables the effectiveness of various security approaches to be directly compared in the context of an attack. Here, we describe, define and demonstrate that the metrics presented are both meaningful and measurable.

Globalization of the integrated circuit (IC) supply chain exposes designs to security threats such as reverse engineering and intellectual property (IP) theft. Designers may want to protect specific high-level synthesis (HLS) optimizations or micro-architectural solutions of their designs. Hence, protecting the IP of ICs is essential. Behavioral locking is an approach to thwart these threats by operating at high levels of abstraction instead of reasoning on the circuit structure. Like any security protection, behavioral locking requires additional area. Existing locking techniques have a different impact on security and overhead, but they do not explore the effects of alternatives when making locking decisions. We develop a design-space exploration (DSE) framework to optimize behavioral locking for a given security metric. For instance, we optimize differential entropy under area or key-bit constraints. We define a set of heuristics to score each locking point by analyzing the system dependence graph of the design. The solution yields better results for 92% of the cases when compared to baseline, state-of-the-art (SOTA) techniques. The approach has results comparable to evolutionary DSE while requiring 100× to 400× less computational time.

Image steganography is the operation of hiding a message into a cover image. the message can be text, codes, or image. Hiding an image into another is the proposed approach in this paper. Based on LSB coding, a k-LSB-based method is proposed using k least bits to hide the image. For decoding the hidden image, a region detection operation is used to know the blocks contains the hidden image. The resolution of stego image can be affected, for that, an image quality enhancement method is used to enhance the image resolution. To demonstrate the effectiveness of the proposed approach, we compare it with some of the state-of-the-art methods.

With the proliferation of false redundant information on various e-commerce platforms, ineffective recommendations and other untrustworthy behaviors have seriously hindered the healthy development of e-commerce platforms. Modern recommendation systems often use side information to alleviate these problems and also increase prediction accuracy. One such piece of side information, which has been widely investigated, is trust. However, it is difficult to obtain explicit trust relationship data, so researchers infer trust values from other methods, such as the user-to-item relationship. In this paper, addressing the problems, we proposed a novel trust-based recommender model called UITrust, which uses user-item relationship value to improve prediction accuracy. With the improvement the traditional similarity measures by employing the entropies of user and item history ratings to reflect the global rating behavior on both. We evaluate the proposed model using two real-world datasets. The proposed model performs significantly better than the baseline methods. Also, we can use the UITrust to alleviate the sparsity problem associated with correlation-based similarity. In addition to that, the proposed model has a better computational complexity for making predictions than the k-nearest neighbor (kNN) method.

Internet always remains the target for the cyberattacks, and attackers are getting equipped with more potent tools due to the advancement of technology to preach the security of the Internet. Industries and organizations are sponsoring many projects to avoid these kinds of problems. As a result, SDN (Software Defined Network) architecture is becoming an acceptable alternative for the traditional IP based networks which seems a better approach to defend the Internet. However, SDN is also vulnerable to many new threats because of its architectural concept. SDN might be a primary target for DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks due to centralized control and linking of data plane and control plane. In this paper, the we propose a novel technique for detection of DDoS attacks using information theory metric. We compared our approach with widely used Intrusion Detection Systems (IDSs) based on Shannon entropy and Renyi entropy, and proved that our proposed methodology has more power to detect malicious flows in SDN based networks. We have used precision, detection rate and FPR (False Positive Rate) as performance parameters for comparison, and validated the methodology using a topology implemented in Mininet network emulator.

True random number generators (TRNG) are widely used to generate encryption keys in information security systems [1]–[2]. In TRNG, entropy source is a critical module who provides the source of randomness of output bit stream. The unavoidable electrical noise in circuit becomes an ideal entropy source due to its unpredictability. Among the methods of capturing electrical noise, ring oscillator-based entropy source makes the TRNG most robust to deterministic noise and 1/f noise which means the strongest anti-interference capability, so it is simple in structure and easy to integrate [3]. Thus, great research attention has focused on ring oscillator-based TRNGs [3] –[7]. In [4], a high-speed TRNG with 100Mbps output bit rate was proposed, but it took up too much power and area. A TRNG based on tetrahedral ring oscillator was proposed in [5]. Its power consumption was very low but the output bit rate was also very low. A ring oscillator-based TRNG with low output bit rate but high power was proposed in [7]. In a word, none of the above architectures achieve an appropriate compromise between bit rate and power consumption. This work presents a new feedback architecture of TRNG based on tetrahedral ring oscillator. The output random bit stream generates a relative random control voltage that acts on the transmission gates in oscillator through a feedback loop, thus increasing phase jitter of the oscillator and improving output bit rate. Furthermore, an XOR chain-based post-processing unit is added to eliminate the statistical deviations and correlations between raw bits.

As a classic quantum computing implementation, the Deustch-Jozsa (DJ) algorithm is taught in many courses pertaining to quantum information science and technology (QIST). We exploit the DJ framework as an educational testbed, illustrating fundamental qubit concepts while identifying associated algorithmic challenges. In this work, we present a self-contained exploration which may be beneficial in educating the future quantum workforce. Quantum Key Distribution (QKD), an improvement over the classical Public Key Infrastructure (PKI), allows two parties, Alice and Bob, to share a secret key by using the quantum physical properties. For QKD the DJ-packets, consisting of the input qubits and the target qubit for the DJ algorithm, carry the secret information between Alice and Bob. Previous research from Nagata and Nakamura discovered in 2015 that the DJ algorithm for QKD allows an attacker to successfully intercept and remain undetected. Improving upon the past research we increased the entropy of DJ-packets through: (i) size hopping (H), where the number of qubits in consecutive DJ-packets keeps on changing and (ii) reordering (R) the qubits within the DJ-packets. These concepts together illustrate the multiple scales where entropy may increase in a DJ algorithm to make for a more robust QKD framework, and therefore significantly decrease Eve’s chance of success. The proof of concept of the new schemes is tested on Google’s Cirq quantum simulator, and detailed python simulations show that attacker’s interception success rate can be drastically reduced.

One of the topics that have successful applications in engineering technologies and computer science is chaos theory. The remarkable area among these successful applications has been especially the subject of chaos-based cryptology. Many practical applications have been proposed in a wide spectrum from image encryption algorithms to random number generators, from block encryption algorithms to hash functions based on chaotic systems. Logistics map is one of the chaotic systems that has been the focus of attention of researchers in these applications. Since, Logistic map can be shown as the most widely used chaotic system in chaos-based cryptology studies due to its simple mathematical structure and its characterization as a strong entropy source. However, in some studies, researchers stated that the behavior displayed in relation to the dynamics of the Logistic map may pose a problem for cryptology applications. For this reason, alternative studies have been carried out using different chaotic systems. In this study, it has been investigated which one is more suitable for cryptographic applications for five different derivatives of the Logistic map. In the study, a substitution box generator program has been implemented using the Logistic map and its five different derivatives. The generated outputs have been tested for five basic substitution box design criteria. Analysis results showed that the proposals for maps derived from Logistic map have a more robust structure than many studies in the literature.

State estimation (SE) plays a vital role in the reliable operation of modern power systems, gives situational awareness to the operators, and is employed in different functions of the Energy Management System (EMS), such as Optimal Power Flow (OPF), Contingency Analysis (CA), power market mechanism, etc. To increase SE's accuracy and protect it from compromised measurements, Bad Data Detection (BDD) algorithm is employed. However, the integration of Information and Communication Technologies (ICT) into the modern power system makes it a complicated cyber-physical system (CPS). It gives this opportunity to an adversary to find some loopholes and flaws, penetrate to CPS layer, inject false data, bypass existing BDD schemes, and consequently, result in security and stability issues. This paper employs a semi-supervised learning method to find normal data patterns and address the False Data Injection Attack (FDIA) problem. Based on this idea, the Probability Distribution Functions (PDFs) of measurement variations are derived for training and test data sets. Two distinct indices, i.e., Absolute Distance (AD) and Relative Entropy (RE), a concept in Information Theory, are utilized to find the distance between these two PDFs. In case an intruder compromises data, the related PDF changes. However, we demonstrate that AD fails to detect these changes. On the contrary, the RE index changes significantly and can properly detect FDIA. This proposed method can be used in a real-time attack detection process where the larger RE index indicates the possibility of an attack on the real-time data. To investigate the proposed methodology's effectiveness, we utilize the New York Independent System Operator (NYISO) data (Jan.-Dec. 2019) with a 5-minute resolution and map it to the IEEE 14-bus test system, and prepare an appropriate data set. After that, two different case studies (attacks on voltage magnitude ( Vm), and phase angle (θ)) with different attack parameters (i.e., 0.90, 0.95, 0.98, 1.02, 1.05, and 1.10) are defined to assess the impact of an attack on the state variables at different buses. The results show that RE index is a robust and reliable index, appropriate for real-time applications, and can detect FDIA in most of the defined case studies.

Implementing the color images encryption is a challenging field of the research for IOT applications. An exponential growth in imaging cameras in IOT uses makes it critical to design the robust image security algorithms. It is also observed that performance of existing encryption methods degrades under the presence of noisy environments. This is the major concern of evaluating the encryption method in this paper. The prime concern of this paper is to design the fast efficient color images encryption algorithm by designing an efficient and robustness RSA encryption algorithm. Method takes the advantage of both preprocessing and the Gaussian pyramid (GP) approach for encryption. To improve the performance it is proposed to use the LAB color space and implement the RSA encryption on luminance (L) component using the GP domain. The median filter and image sharpening is used for preprocessing. The goal is to improve the performance under highly noisy imaging environment. The performance is compared based on the crypto weights and on the basis of visual artifacts and entropy analysis. The decrypted outputs are again converted to color image output. Using the LAB color space is expected to improve the entropy performance of the image. Result of proposed encryption method is evaluated under the different types of the noisy attacks over the color images and also performance is compared with state of art encryption methods. Significant improvement speed of the algorithm is compared in terms of the elapsed time

IP Identification (IP ID) is an IP header field that identifies a data packet in the network to distinguish its fragments from others during the reassembly process. Random generated IP ID field could be used as a covert channel by embedding hidden bits within it. This paper uses the support vector machine (SVM) while enabling a features reduction procedure for investigating to what extend could the entropy feature of the IP ID covert channel affect the detection. Then, an entropy-based SVM is employed to evaluate the roles of the IP ID covert channel hidden bits on detection. Results show that, entropy is a distinct discrimination feature in classifying and detecting the IP ID covert channel with high accuracy. Additionally, it is found that each of the type, the number and the position of the hidden bits within the IP ID field has a specified influence on the IP ID covert channel detection accuracy.

With the rapid growth of data exfiltration carried out by cyber attacks, Covert Timing Channels (CTC) have become an imminent network security risk that continues to grow in both sophistication and utilization. These types of channels utilize inter-arrival times to steal sensitive data from the targeted networks. CTC detection relies increasingly on machine learning techniques, which utilize statistical-based metrics to separate malicious (covert) traffic flows from the legitimate (overt) ones. However, given the efforts of cyber attacks to evade detection and the growing column of CTC, covert channels detection needs to improve in both performance and precision to detect and prevent CTCs and mitigate the reduction of the quality of service caused by the detection process. In this article, we present an innovative image-based solution for fully automated CTC detection and localization. Our approach is based on the observation that the covert channels generate traffic that can be converted to colored images. Leveraging this observation, our solution is designed to automatically detect and locate the malicious part (i.e., set of packets) within a traffic flow. By locating the covert parts within traffic flows, our approach reduces the drop of the quality of service caused by blocking the entire traffic flows in which covert channels are detected. We first convert traffic flows into colored images, and then we extract image-based features for detection covert traffic. We train a classifier using these features on a large data set of covert and overt traffic. This approach demonstrates a remarkable performance achieving a detection accuracy of 95.83% for cautious CTCs and a covert traffic accuracy of 97.83% for 8 bit covert messages, which is way beyond what the popular statistical-based solutions can achieve.