Biblio

Empathy is a fundamental mechanism of human interactions. As such, it should be an integral part of Human-Computer Interaction systems to make them more relatable. With this work, we focused on conversational scenarios where integrating empathy is crucial to perceive the computer like a human. As a result, we derived the high-level architecture of an Empathetic Conversational Agent we are willing to implement. We relied on theories about artificial empathy to derive the function approximating this mechanism and selected the conversational aspects to control for an empathetic interaction. In particular, we designed a core empathetic controller manages the empathetic responses, predicting, at each turn, the high-level content of the response. The derived architecture integrates empathy in a task-agnostic manner; hence we can employ it in multiple scenarios by changing the objective of the controller.

Approximate computing emerged as a key alternative for trading off accuracy against energy efficiency and area reduction. Error-tolerant applications, such as multimedia processing, machine learning, and signal processing, can process the information with lower-than-standard accuracy at the circuit level while still fulfilling a good and acceptable service quality at the application level. Adaptive filtering-based systems have been demonstrating high resiliency against hardware errors due to their intrinsic self-healing characteristic. This paper investigates the design space exploration of arithmetic approximations in a Very Large-Scale Integration (VLSI) harmonic elimination (HE) hardware architecture based on Least Mean Square (LMS) adaptive filters. We evaluate the Pareto front of the area- and power versus quality curves by relaxing the arithmetic precision and by adopting both approximate multipliers (AxMs) in combination with approximate adders (AxAs). This paper explores the benefits and impacts of the Dynamic Range Unbiased (DRUM), Rounding-based Approximate (RoBA), and Leading one Bit-based Approximate (LoBA) multipliers in the power dissipation, circuit area, and quality of the VLSI HE architectures. Our results highlight the LoBA 0 as the most efficient AxM applied in the HE architecture. We combine the LoBA 0 with Copy and LOA AxAs with variations in the approximation level (L). Notably, LoBA 0 and LOA with \$L=6\$ resulted in savings of 43.7% in circuit area and 45.2% in power dissipation, compared to the exact HE, which uses multiplier and adder automatically selected by the logic synthesis tool. Finally, we demonstrate that the best hardware architecture found in our investigation successfully eliminates the contaminating spurious noise (i.e., 60 Hz and its harmonics) from the signal.

Web server is an appealing target for attackers since it may be exploited to gain access to an organization’s internal network. After compromising a web server, the attacker can construct a webshell to maintain a long-term and stealthy access for further attacks. Among all webshell-based attacks, command injection is a powerful attack that can be launched to steal sensitive data from the web server or compromising other computers in the network. To monitor and analyze webshell-based command injection, we develop a hybrid webshell honeypot framework called HoneyBog, which intercepts and redirects malicious injected commands from the front-end honeypot to the high-fidelity back-end honeypot for execution. HoneyBog can achieve two advantages by using the client-server honeypot architecture. First, since the webshell-based injected commands are transferred from the compromised web server to a remote constrained execution environment, we can prevent the attacker from launching further attacks in the protected network. Second, it facilitates the centralized management of high-fidelity honeypots for remote honeypot service providers. Moreover, we increase the system fidelity of HoneyBog by synchronizing the website files between the front-end and back-end honeypots. We implement a prototype of HoneyBog using PHP and the Apache web server. Our experiments on 260 PHP webshells show that HoneyBog can effectively intercept and redirect injected commands with a low performance overhead.

Neural Module Network (NMN) exhibits strong interpretability and compositionality thanks to its handcrafted neural modules with explicit multi-hop reasoning capability. However, most NMNs suffer from two critical draw-backs: 1) scalability: customized module for specific function renders it impractical when scaling up to a larger set of functions in complex tasks; 2) generalizability: rigid pre-defined module inventory makes it difficult to generalize to unseen functions in new tasks/domains. To design a more powerful NMN architecture for practical use, we propose Meta Module Network (MMN) centered on a novel meta module, which can take in function recipes and morph into diverse instance modules dynamically. The instance modules are then woven into an execution graph for complex visual reasoning, inheriting the strong explainability and compositionality of NMN. With such a flexible instantiation mechanism, the parameters of instance modules are inherited from the central meta module, retaining the same model complexity as the function set grows, which promises better scalability. Meanwhile, as functions are encoded into the embedding space, unseen functions can be readily represented based on its structural similarity with previously observed ones, which ensures better generalizability. Experiments on GQA and CLEVR datasets validate the superiority of MMN over state-of-the-art NMN designs. Synthetic experiments on held-out unseen functions from GQA dataset also demonstrate the strong generalizability of MMN. Our code and model are released in Github1.

An efficient quantum circuit (program) compiler aims to minimize the gate-count - through efficient instruction translation, routing, gate, and cancellation - to improve run-time and noise. Therefore, a high-efficiency compiler is paramount to enable the game-changing promises of quantum computers. To date, the quantum computing hardware providers are offering a software stack supporting their hardware. However, several third-party software toolchains, including compilers, are emerging. They support hardware from different vendors and potentially offer better efficiency. As the quantum computing ecosystem becomes more popular and practical, it is only prudent to assume that more companies will start offering software-as-a-service for quantum computers, including high-performance compilers. With the emergence of third-party compilers, the security and privacy issues of quantum intellectual properties (IPs) will follow. A quantum circuit can include sensitive information such as critical financial analysis and proprietary algorithms. Therefore, submitting quantum circuits to untrusted compilers creates opportunities for adversaries to steal IPs. In this paper, we present a split compilation methodology to secure IPs from untrusted compilers while taking advantage of their optimizations. In this methodology, a quantum circuit is split into multiple parts that are sent to a single compiler at different times or to multiple compilers. In this way, the adversary has access to partial information. With analysis of over 152 circuits on three IBM hardware architectures, we demonstrate the split compilation methodology can completely secure IPs (when multiple compilers are used) or can introduce factorial time reconstruction complexity while incurring a modest overhead ( 3% to 6% on average).

Earlier around in year 1880’s, Industry 2.0 marked as change to the society caused by the invention of electricity. In today’s era, artificial intelligence plays a crucial role in defining the period of Industry 4.0. In this research study, we have presented Computational Intelligence based Machine Condition Monitoring system architecture for determination of developing faults in industrial machines. The goal is to increase efficiency of machines and reduce the cost. The architecture is fusion of machine sensitive sensors, cloud computing, artificial intelligence and databases, to develop an autonomous fault diagnostic system. To explain CI-MCMs, we have used neural networks on sensor data obtained from hydraulic system. The results obtained by neural network were compared with those obtained from traditional methods.

Data are the basis in Digital Twin (DT) to set up bidirectional mapping between physical and virtual spaces, and realize critical environmental sensing, decision making and execution. Thus, trustworthiness is a necessity in data content as well as data operations. A dual blockchain framework is proposed to realize comprehensive data security in various DT scenarios. It is highly adaptable, scalable, evolvable, and easy to be integrated into Digital Twin Network (DTN) as enhancement.

Safety- and security-critical developers have long recognized the importance of applying a high degree of scrutiny to a system’s (or subsystem’s) I/O messages. However, lack of care in the development of message-handling components can lead to an increase, rather than a decrease, in the attack surface. On the DARPA Cyber-Assured Systems Engineering (CASE) program, we have focused our research effort on identifying cyber vulnerabilities early in system development, in particular at the Architecture development phase, and then automatically synthesizing components that mitigate against the identified vulnerabilities from high-level specifications. This approach is highly compatible with the goals of the LangSec community. Advances in formal methods have allowed us to produce hardware/software implementations that are both performant and guaranteed correct. With these tools, we can synthesize high-assurance “building blocks” that can be composed automatically with high confidence to create trustworthy systems, using a method we call Security-Enhancing Architectural Transformations. Our synthesis-focused approach provides a higherleverage insertion point for formal methods than is possible with post facto analytic methods, as the formal methods tools directly contribute to the implementation of the system, without requiring developers to become formal methods experts. Our techniques encompass Systems, Hardware, and Software Development, as well as Hardware/Software Co-Design/CoAssurance. We illustrate our method and tools with an example that implements security-improving transformations on system architectures expressed using the Architecture Analysis and Design Language (AADL). We show how message-handling components can be synthesized from high-level regular or context-free language specifications, as well as a novel specification language for self-describing messages called Contiguity Types, and verified to meet arithmetic constraints extracted from the AADL model. Finally, we guarantee that the intent of the message processing logic is accurately reflected in the application binary code through the use of the verified CakeML compiler, in the case of software, or the Restricted Algorithmic C toolchain with ACL2-based formal verification, in the case of hardware/software co-design.

Today’s edge networks continue to see an increasing number of deployed IoT devices. These IoT devices aim to increase productivity and efficiency; however, they are plagued by a myriad of vulnerabilities. Industry and academia have proposed protecting these devices by deploying a “bolt-on” security gateway to these edge networks. The gateway applies security protections at the network level. While security gateways are an attractive solution, they raise a fundamental concern: Can the bolt-on security gateway be trusted? This paper identifies key challenges in realizing this goal and sketches a roadmap for providing trust in bolt-on edge IoT security gateways. Specifically, we show the promise of using a micro-hypervisor driven approach for delivering practical (deployable today) trust that is catered to both end-users and gateway vendors alike in terms of cost, generality, capabilities, and performance. We describe the challenges in establishing trust on today’s edge security gateways, formalize the adversary and trust properties, describe our system architecture, encode and prove our architecture trust properties using the Alloy formal modeling language. We foresee our trustworthy security gateway architecture becoming a practical and extensible formal foundation towards realizing robust trust properties on today’s edge security gateway implementations.

Nowadays, the increasing complexity of digital applications for social and business activities has required more and more advanced mechanisms to prove the identity of subjects like those based on the Two-Factor Authentication (2FA). Such an approach improves the typical authentication paradigm but it has still some weaknesses. Specifically, it has to deal with the disadvantages of a centralized architecture causing several security threats like denial of service (DoS) and man-in-the-middle (MITM). In fact, an attacker who succeeds in violating the central authentication server could be able to impersonate an authorized user or block the whole service. This work advances the state of art of 2FA solutions by proposing a decentralized Microservices and Blockchain Based One Time Password (MBB-OTP) protocol for security-enhanced authentication able to mitigate the aforementioned threats and to fit different application scenarios. Experiments prove the goodness of our MBB-OTP protocol considering both private and public Blockchain configurations.

In the economics environment, Job Matching is always a challenge involving the evolution of knowledge and skills. A good matching of skills and jobs can stimulate the growth of economics. Recommender System (RecSys), as one kind of Job Matching, can help the candidates predict the future job relevant to their preferences. However, RecSys still has the problem of cold start and data sparsity. The content-based filtering in RecSys needs the adaptive data for the specific staffing tasks of Bidirectional Encoder Representations from Transformers (BERT). In this paper, we propose a job RecSys based on skills and locations using a domain-specific Knowledge Graph (KG). This system has three parts: a pipeline of Named Entity Recognition (NER) and Relation Extraction (RE) using BERT; a standardization system for pre-processing, semantic enrichment and semantic similarity measurement; a domain-specific Knowledge Graph (KG). Two different relations in the KG are computed by cosine similarity and Term Frequency-Inverse Document Frequency (TF-IDF) respectively. The raw data used in the staffing RecSys include 3000 descriptions of job offers from Indeed, 126 Curriculum Vitae (CV) in English from Kaggle and 106 CV in French from Linx of Capgemini Engineering. The staffing RecSys is integrated under an architecture of Microservices. The autonomy and effectiveness of the staffing RecSys are verified through the experiment using Discounted Cumulative Gain (DCG). Finally, we propose several potential research directions for this research.

The development of edge computing and machine learning technologies have led to the growth of Industrial IoT systems. Autonomous decision making and smart manufacturing are flourishing in the current age of Industry 4.0. By providing more compute power to edge devices and connecting them to the internet, the so-called Cyber Physical Systems are prone to security threats like never before. Security in the current industry is based on cryptographic techniques that use pseudorandom number keys. Keys generated by a pseudo-random number generator pose a security threat as they can be predicted by a malicious third party. In this work, we propose a secure Industrial IoT Architecture that makes use of true random numbers generated by a quantum random number generator (QRNG). CITRIOT's FireConnect IoT node is used to show the proof of concept in a quantum-safe network where the random keys are generated by a cloud based quantum device. We provide an implementation of QRNG on both real quantum computer and quantum simulator. Then, we compare the results with pseudorandom numbers generated by a classical computer.

A 'Completely Automated Public Turing test to tell Computers and Humans Apart' or better known as CAPTCHA is a image based test used to determine the authenticity of a user (ie. whether the user is human or not). In today's world, almost all the web services, such as online shopping sites, require users to solve CAPTCHAs that must be read and typed correctly. The challenge is that recognizing the CAPTCHAs is a relatively easy task for humans, but it is still hard to solve for computers. Ideally, a well-designed CAPTCHA should be solvable by humans at least 90% of the time, while programs using appropriate resources should succeed in less than 0.01% of the cases. In this paper, a deep neural network architecture is presented to extract text from CAPTCHA images on various platforms. The central theme of the paper is to develop an efficient & intelligent model that converts image-based CAPTCHA to text. We used convolutional neural network based architecture design instead of the traditional methods of CAPTCHA detection using image processing segmentation modules. The model consists of seven layers to efficiently correlate image features to the output character sequence. We tried a wide variety of configurations, including various loss and activation functions. We generated our own images database and the efficacy of our model was proven by the accuracy levels of 99.7%.

In view of the continuous progress of current science and technology, cloud computing has been widely used in various fields. This paper proposes a secure data storage architecture based on cloud computing. The architecture studies the security issues of cloud computing from two aspects: data storage and data security, and proposes a data storage mode based on Cache and a data security mode based on third-party authentication, thereby improving the availability of data, from data storage to transmission. Corresponding protection measures have been established to realize effective protection of cloud data.

IoT honeypots that mimic the behavior of IoT devices for threat analysis are becoming increasingly important. Existing honeypot systems use devices with a specific version of firmware installed to monitor cyber attacks. However, honeypots frequently receive requests targeting devices and firmware that are different from themselves. When honeypots return an error response to such a request, the attack is terminated, and the monitoring fails.To solve this problem, we introduce FirmPot, a framework that automatically generates intelligent-interaction honeypots using firmware. This framework has a firmware emulator optimized for honeypot generation and learns the behavior of embedded applications by using machine learning. The generated honeypots continue to interact with attackers by a mechanism that returns the best from the emulated responses to the attack request instead of an error response.We experimented on embedded web applications of wireless routers based on the open-source OpenWrt. As a result, our framework generated honeypots that mimicked the embedded web applications of eight vendors and ten different CPU architectures. Furthermore, our approach to the interaction improved the session length with attackers compared to existing ones.

Internet of Battlefield Things (IoBTs) are well positioned to take advantage of recent technology trends that have led to the development of low-power neural accelerators and low-cost high-performance sensors. However, a key challenge that needs to be dealt with is that despite all the advancements, edge devices remain resource-constrained, thus prohibiting complex deep neural networks from deploying and deriving actionable insights from various sensors. Furthermore, deploying sophisticated sensors in a distributed manner to improve decision-making also poses an extra challenge of coordinating and exchanging data between the nodes and server. We propose an architecture that abstracts away these thorny deployment considerations from an end-user (such as a commander or warfighter). Our architecture can automatically compile and deploy the inference model into a set of distributed nodes and server while taking into consideration of the resource availability, variation, and uncertainties.

In the era of Internet of Things (IoT), the connection links are established from devices easily, which is vulnerable to insecure attacks from intruders, hence intrusion detection system in IoT is the need of an hour. One of the important thing for any organization is securing the confidential information and data from outside attacks as well as unauthorized access. There are many attempts made by the researchers to develop the strong intrusion detection system having high accuracy. These systems suffer from many disadvantages like unacceptable accuracy rates including high False Positive Rate (FPR) and high False Negative Rate (FNR), more execution time and failure rate. More of these system models are developed by using traditional machine learning techniques, which have performance limitations in terms of accuracy and timeliness both. These limitations can be overcome by using the deep learning techniques. Deep learning techniques have the capability to generate highly accurate results and are fault tolerant. Here, the intrusion detection model for IoT is designed by using the Taylor-Spider Monkey optimization (Taylor-SMO) which will be developed to train the Deep belief neural network (DBN) towards achieving an accurate intrusion detection model. The deep learning accuracy gets increased with increasing number of training data samples and testing data samples. The optimization based algorithm for training DBN helps to reduce the FPR and FNR in intrusion detection. The system will be implemented by using the NSL KDD dataset. Also, this model will be trained by using the samples from this dataset, before which feature extraction will be applied and only relevant set of attributes will be selected for model development. This approach can lead to better and satisfactory results in intrusion detection.

The Industrial Internet of Things is expected to attract significant investments for Industry 4.0. In this new environment, the blockchain has immediate potential in industrial applications, providing unchanging, traceable and auditable access control. However, recent work and present in blockchain literature are based on a cloud infrastructure that requires significant investments. Furthermore, due to the placement and distance of the cloud infrastructure to industrial control devices, such approaches present a communication latency that can compromise the strict deadlines for accessing and communicating with this device. In this context, this article presents a blockchain-based access control architecture, which is deployed directly to edge devices positioned close to devices that need access control. Performance assessments of the proposed approach were carried out in practice in an industrial mining environment. The results of this assessment demonstrate the feasibility of the proposal and its performance compared to cloud-based approaches.

In order to improve the accuracy and efficiency of transmission line safety early warning, a transmission line safety early warning system based on big data variable analysis is proposed. Firstly, the overall architecture of the system is designed under the B / S architecture. Secondly, in the hardware part of the system, the security data real-time monitoring module, data transmission module and security warning module are designed to meet the functional requirements of the system. Finally, in the system software design part, the big data variable analysis method is used to calculate the hidden danger of transmission line safety, so as to improve the effectiveness of transmission safety early warning. The experimental results show that, compared with the traditional security early warning system, the early warning accuracy and efficiency of the designed system are significantly improved, which can ensure the safe operation of the transmission line.

We present a scalable architecture based on a trained filter bank for input pre-processing and a recurrent neural network (RNN) for the detection of atrial fibrillation in electrocardiogram (ECG) signals, with the focus on enabling a very efficient hardware implementation as application-specific integrated circuit (ASIC). Our already very efficient base architecture is further improved by replacing the RNN with a delta-encoded gated recurrent unit (GRU) and adding a confidence measure (CM) for terminating the computation as early as possible. With these optimizations, we demonstrate a reduction of the processing load of 58 % on an internal dataset while still achieving near state-of-the-art classification results on the Physionet ECG dataset with only 1202 parameters.

ICN (Information-Centric Networking) is a traditional networking approach which focuses on Internet design, while SDN (Software Defined Networking) is known as a speedy and flexible networking approach. Integrating these two approaches can solve different kinds of traditional networking problems. On the other hand, it may expose new challenges. In this paper, we study how these two networking approaches are been combined to form SDN-based ICN architecture to improve network administration. Recent research is explored to identify the SDN-based ICN challenges, provide a critical analysis of the current integration approaches, and determine open issues for further research.

The concept of usage control goes beyond traditional access control by regulating not only the retrieval but also the processing of data. To be able to remotely enforce usage control policy the processing party requires a trusted execution environ-ment such as Intel SGX which creates so-called enclaves. In this paper we introduce Multi Enclave based Code from Template (MECT), an SGX-based architecture for trusted remote policy enforcement. MECT uses a multi-enclave approach in which an enclave generation service dynamically generates enclaves from pre-defined code and dynamic policy parameters. This approach leads to a small trusted computing base and highly simplified attestation while preserving functionality benefits. Our proof of concept implementation consumes customisable code from templates. We compare the implementation with other architectures regarding the trusted computing base, flexibility, performance, and modularity. This comparison highlights the security benefits for remote attestation of MECT.

After the emergence of the cloud architecture, many companies migrate their data from conventional storage i.e., on bare metal to the cloud storage. Since then huge amount of data was stored on cloud servers, which later resulted in redundancy of huge amount of data. Hence in this cloud world, many data de-duplication techniques has been widely used. Not only the redundancy but also made data more secure and privacy of the existing data were also increased. Some techniques got limitations and some have their own advantages based on the requirements. Some of the attributes like data privacy, tag regularity and interruption to brute-force attacks. To make data deduplication technique more efficient based on the requirements. This paper will discuss schemes that brace user-defined access control, by allowing the service provider to get information of the information owners. Thus our scheme eliminates redundancy of the data without breaching the privacy and security of clients that depends on service providers. Our lastest deduplication scheme after performing various algorithms resulted in conclusion and producing more efficient data confidentiality and tag consistency. This paper has discussion on various techniques and their drawbacks for the effectiveness of the deduplication.

The cloud infrastructure is not new to the society from past one decade. But even in recent time, the companies started migrating from local services to cloud services for better connectivity and for other requirements, this is due to companies financial limitations on existing infrastructure, they are migrating to less cost and hire and fire support based cloud infrastructures. But the proposed cloud infrastructure require security on event logs accessed by different end users on the cloud environment. To adopt the security on local services to cloud service based infrastructure, it need better identify management between end users. Therefore this paper presents the related works of user identity as a service for each user involving in cloud service and the accessing permission and protection will be monitored and controlled by the cloud security infrastructures.

With the rapid development of cloud computing which has been extensively applied in the health research, the concept of medical cloud has become widespread. In this paper, we proposed an integrated medical cloud architecture with multiple applications based on privacy protection. The scheme in this paper adopted attribute encryption to ensure the PHR files encrypted all the time in order to protect the health privacy of the PHR owners not leaked. In addition, the medical cloud architecture proposed in this paper is suitable for multiple application scenarios. Different from the traditional domain division which has public domain (PUD) and private domain (PSD), the PUD domain is further divided into PUD1and PUD2 with finer granularity based on different permissions of the PHR users. In the PUD1, the PHR users have read or write access to the PHR files, while the PHR users in the PUD2 only have read permissions. In the PSD, we use key aggregation encryption (KAE) to realize the access control. For PHR users of PUD1 and PUD2, the outsourcable ABE technology is adopted to greatly reduce the computing burden of users. The results of function and performance test show that the scheme is safe and effective.