Biblio

Advancing artificial neural networks to the coherent optical domain offers several advantages, such as a filterless synaptic interconnect with increased routing flexibility. Towards this direction, a coherent synaptic receptor with integrated multiplication function will be experimentally evaluated for a 1-GHz train of 130-ps spikes.

This research presents a model for assessing information systems cybersecurity maturity level. The main purpose of the model is to provide comprehensive support for information security specialists and auditors in checking information systems security level, checking security policy implementation, and compliance with security standards. The model synthesized based on controls and practices present in ISO 27001 and ISO 27002 and the neural network of direct signal propagation. The methodology described in this paper can also be extended to synthesis a model for different security control sets and, consequently, to verify compliance with another security standard or policy. The resulting model describes a real non-automated process of assessing the maturity of an IS at an acceptable level and it can be recommended to be used in the process of real audit of Information Security Management Systems.

Controller Area Network is the bus standard that works as a central system inside the vehicles for communicating in-vehicle messages. Despite having many advantages, attackers may hack into a car system through CAN bus, take control of it and cause serious damage. For, CAN bus lacks security services like authentication, encryption etc. Therefore, an anomaly detection system must be integrated with CAN bus in vehicles. In this paper, we proposed an Artificial Neural Network based anomaly detection method to identify illicit messages in CAN bus. We trained our model with two types of attacks so that it can efficiently identify the attacks. When tested, the proposed algorithm showed high performance in detecting Denial of Service attacks (with accuracy 100%) and Fuzzy attacks (with accuracy 99.98%).

The Internet obviously has a major impact on the global economy and human life every day. This boundless use pushes the attack programmers to attack the data frameworks on the Internet. Web attacks influence the reliability of the Internet and its administrations. These attacks are classified as User-to-Root (U2R), Remote-to-Local (R2L), Denial-of-Service (DoS) and Probing (Probe). Subsequently, making sure about web framework security and protecting data are pivotal. The conventional layers of safeguards like antivirus scanners, firewalls and proxies, which are applied to treat the security weaknesses are insufficient. So, Intrusion Detection Systems (IDSs) are utilized to screen PC and data frameworks for security shortcomings. IDS adds more effectiveness in securing networks against attacks. This paper presents an IDS model based on Deep Learning (DL) with Convolutional Neural Network (CNN) hypothesis. The model has been evaluated on the NSLKDD dataset. It has been trained by Kddtrain+ and tested twice, once using kddtrain+ and the other using kddtest+. The achieved test accuracies are 99.7% and 98.43% with 0.002 and 0.02 wrong alert rates for the two test scenarios, respectively.

To deal with the increasingly serious threat of industrial information malicious code, the simulations and characteristics of the domestic security and controllable operating system and office software were implemented in the virtual sandbox environment based on virtualization technology in this study. Firstly, the serialization detection scheme based on the convolution neural network algorithm was improved. Then, the API sequence was modeled and analyzed by the improved convolution neural network algorithm to excavate more local related information of variant sequences. Finally the variant detection of malicious code was realized. Results showed that this improved method had higher efficiency and accuracy for a large number of malicious code detection, and could be applied to the malicious code detection in security and controllable operating system.

Recently, modern networks have been made up of connections of small devices that have less memory, small CPU capability, and limited resources. Such networks apparently known as Internet of Things networks. Devices in such network promising high standards of live for human, however, they increase the size of threats lead to bring more risks to network security. One of the most popular threats against such networks is known as Distributed Denial of Service (DDoS). Reports from security solution providers show that number of such attacks are in increase considerably. Therefore, more researches on detecting the DDoS attacks are necessary. Such works need monitoring network packets that move over Internet and networks and, through some intelligent techniques, monitored packets could be classified as benign or as DDoS attack. This work focuses on combining Neighborhood Component Analysis and Artificial Neural Network-Backpropagation to classify and identify packets as forward by attackers or as come from authorized and illegible users. This work utilized the activities of four type of the network protocols to distinguish five types of attacks from benign packets. The proposed model shows the ability of classifying packets to normal or to attack classes with an accuracy of 99.4%.

Network information security pipeline based on the grey relational cluster and neural networks is designed and implemented in this paper. This method is based on the principle that the optimal selected feature set must contain the feature with the highest information entropy gain to the data set category. First, the feature with the largest information gain is selected from all features as the search starting point, and then the sample data set classification mark is fully considered. For the better performance, the neural networks are considered. The network learning ability is directly determined by its complexity. The learning of general complex problems and large sample data will bring about a core dramatic increase in network scale. The proposed model is validated through the simulation.

Sound plays a key role in human life and therefore sound recognition system has a great future ahead. Sound classification and identification system has many applications such as system for personal security, critical surveillance, etc. The main aim of this paper is to detect and classify the security sound event using the surveillance camera systems with integrated microphone based on the generated spectrograms of the sounds. This will enable to track security events in cases of emergencies. The goal is to propose a security system to accurately detect sound events and make a better security sound event detection system. We propose to use a convolutional neural network (CNN) to design the security sound detection system to detect a security event with minimal sound. We used the spectrogram images to train the CNN. The neural network was trained using different security sounds data which was then used to detect security sound events during testing phase. We used two datasets for our experiment training and testing datasets. Both the datasets contain 3 different sound events (glass break, gun shots and smoke alarms) to train and test the model, respectively. The proposed system yields the good accuracy for the sound event detection even with minimum available sound data. The designed system achieved accuracy was 92% and 90% using CNN on training dataset and testing dataset. We conclude that the proposed sound classification framework which using the spectrogram images of sounds can be used efficiently to develop the sound classification and recognition systems.

Network intrusion detection is an important research direction of network security. The diversification of network intrusion mode and the increasing amount of network data make the traditional detection methods can not meet the requirements of the current network environment. The development of deep learning technology and its successful application in the field of artificial intelligence provide a new solution for network intrusion detection. In this paper, the convolutional neural network in deep learning is applied to network intrusion detection, and an intelligent detection model which can actively learn is established. The experiment on KDD99 data set shows that it can effectively improve the accuracy and adaptive ability of intrusion detection, and has certain effectiveness and advancement.

To understand the future trend of network security, the field of network security began to introduce the concept of NSSA(Network Security Situation Awareness). This paper implements the situation assessment model by using game theory algorithms to calculate the situation value of attack and defense behavior. After analyzing the ant colony algorithm and the RBF neural network, the defects of the RBF neural network are improved through the advantages of the ant colony algorithm, and the situation prediction model based on the ant colony-RBF neural network is realized. Finally, the model was verified experimentally.

The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

With the rapid development and application of emerging information technology, the traditional network security architecture is more and more difficult to support flexible dynamic and a wider range of business data access requirements. Zero trust technology can truly realize the aggregation of security and business by building an end-to-end dynamic new boundary based on identity, which puts forward a new direction for the upgrade and evolution of enterprise network security architecture. This paper mainly includes access control and identity authentication management functions. The goal of access control system is to ensure that legitimate and secure users can use the system normally, and then protect the security of enterprise network and server. The functions of the access control system include identifying the user's identity (legitimacy), evaluating the security characteristics (Security) of the user's machine, and taking corresponding response strategies.

The construction of the power Internet of Things has led various terminals to access the corporate network on a large scale. The internal and external business interaction and data exchange are more extensive. The current security protection system is based on border isolation protection. This is difficult to meet the needs of the power Internet of Things connection and open shared services. This paper studies the application scheme of the ``zero trust'' typical business scenario of the power Internet of Things with ``Continuous Identity Authentication and Dynamic Access Control'' as the core, and designs the power internet security protection architecture based on zero trust.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

In order to guarantee the normal operation of the power Internet of things devices, the zero-trust idea was used for studying the security protection strategies of devices from four aspects: user authentication, equipment trust, application integrity and flow baselines. Firstly, device trust is constructed based on device portrait; then, verification of device application integrity based on MD5 message digest algorithm to achieve device application trustworthiness. Next, the terminal network traffic baselines are mined from OpenFlow, a southbound protocol in SDN. Finally, according to the dynamic user trust degree attribute access control model, the comprehensive user trust degree was obtained by weighting the direct trust degree. It obtained from user authentication and the trust degree of user access to terminal communication traffic. And according to the comprehensive trust degree, users are assigned the minimum authority to access the terminal to realize the security protection of the terminal. According to the comprehensive trust degree, the minimum permissions for users to access the terminal were assigned to achieve the security protection of the terminal. The research shows that the zero-trust mechanism is applied to the terminal security protection of power Internet of Things, which can improve the reliability of the safe operation of terminal equipment.

Under the background of increasingly severe security situation, the new working mode of power mobile internet business anytime and anywhere has greatly increased the complexity of network interaction. At the same time, various means of breaking through the boundary protection and moving laterally are emerging in an endless stream. The existing boundary-based mobility The security protection architecture is difficult to effectively respond to the current complex and diverse network attacks and threats, and faces actual combat challenges. This article first analyzes the security risks faced by the existing power mobile Internet services, and conducts a collaborative analysis of the key points of zero-trust based security protection from multiple perspectives such as users, terminals, and applications; on this basis, from identity security authentication, continuous trust evaluation, and fine-grained access The dimension of control, fine-grained access control based on identity trust, and the design of a zero-trust-based power mobile interconnection business security protection framework to provide theoretical guidance for power mobile business security protection.

Cloud storage is a low-cost and convenient storage method, but the nature of cloud storage determines the existence of security risks for data uploaded by users. In order to ensure the security of users' data in third-party cloud platforms, a zero trust security platform for data trusteeship is proposed. The platform introduces the concept of zero trust, which meets the needs of users to upload sensitive data to untrusted third-party cloud platforms by implementing multiple functional modules such as sensitivity analysis service, cipher index service, attribute encryption service.

With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.

Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.

Cryptographic protocols are utilized for establishing a secure session between “honest” agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confidential transmission of messages. The specification of a cryptographic protocol is usually presented as a set of requirements for the sequences of transmitted messages including the format of such messages. Note that protocol can describe several execution scenarios. All these requirements lead to a huge formal specification for a real cryptographic protocol and therefore, it is difficult to verify the security of the whole cryptographic protocol at once. In this paper, to overcome this problem, we suggest verifying the protocol security for its fragments. Namely, we verify the security properties for a special set of so-called traces of the cryptographic protocol. Intuitively, a trace of the cryptographic protocol is a sequence of computations, value checks, and transmissions on the sides of “honest” agents permitted by the protocol. In order to choose such set of traces, we introduce an Adversary model and the notion of a similarity relation for traces. We then verify the security properties of selected traces with Tamarin Prover. Experimental results for the EAP and Noise protocols clearly show that this approach can be promising for automatic verification of large protocols.

The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.

As a general interface for chip system testing and on-chip debugging, JTAG is facing serious security threats. By analyzing the typical JTAG attack model and security protection measures, this paper designs a secure JTAG debugging model based on Schnorr identity authentication protocol, and takes RISCV as an example to build a set of SoC prototype system to complete functional verification. Experiments show that this secure JTAG debugging model has high security, flexible implementation, and good portability. It can meet the JTAG security protection requirements in various application scenarios. The maximum clock frequency can reach 833MHZ, while the hardware overhead is only 47.93KGate.

Within a framework for verifying parametric network protocols through induction, one needs to find invariants based on a protocol instance of a small number of nodes. In this paper, we propose a new approach to accelerate parameterized verification by adopting decision trees to represent the state space of a protocol instance. Such trees can be considered as a knowledge base that summarizes all behaviors of the protocol instance. With this knowledge base, we are able to efficiently construct an oracle to effectively assess candidates of invariants of the protocol, which are suggested by an invariant finder. With the discovered invariants, a formal proof for the correctness of the protocol can be derived in the framework after proper generalization. The effectiveness of our method is demonstrated by experiments with typical benchmarks.