Biblio

In the traditional Internet of Vehicles, communication data is easily tampered with and easily leaked. In order to improve the trust evaluation mechanism of the Internet of Vehicles and establish a trust relationship between vehicles, a blockchain-based Internet of Vehicles trust evaluation (BBTE) scheme is proposed. First, the scheme uses the roadside unit RSU to calculate the trust value of vehicle nodes and maintain the generation, verification and storage of blocks, so as to realize distributed data storage and ensure that data cannot be tampered with. Secondly, an efficient trust evaluation method is designed. The method integrates four trust decision factors: initial trust, historical experience trust, recommendation trust and RSU observation trust to obtain the overall trust value of vehicle nodes. In addition, in the process of constructing the recommendation trust method, the recommendation trust is divided into three categories according to the interaction between the recommended vehicle node and the communicator, use CRITIC to obtain the optimal weights of three recommended trusts, and use CRITIC to obtain the optimal weights of four trust decision-making factors to obtain the final trust value. Finally, the NS3 simulation platform is used to verify the security and accuracy of the trust evaluation method, and to improve the identification accuracy and detection rate of malicious vehicle nodes. The experimental analysis shows that the scheme can effectively deal with the gray hole attack, slander attack and collusion attack of other vehicle nodes, improve the security of vehicle node communication interaction, and provide technical support for the basic application of Internet of Vehicles security.

This article is about a criterion based on credibility complex fuzzy set (CCFS) to study the prevailing substitution boxes (S-box) and learn their properties to find out their suitability in image encryption applications. Also these criterion has its own properties which is discussed in detailed and on the basis of these properties we have to find the best optimal results and decide the suitability of an S-box to image encryption applications. S-box is the only components which produces the confusion in the every block cipher in the formation of image encryption. So, for this first we have to convert the matrix having color image using the nonlinear components and also using the proposed algebraic structure of credibility complex fuzzy set to find the best S-box for image encryption based on its criterion. The analyses show that the readings of GRAY S-box is very good for image data.

Currently, air pollution is still a problem that requires special attention, especially in big cities. Air pollution can come from motor vehicle fumes, factory smoke or other particles. To overcome these problems, a system is made that can monitor environmental conditions in order to know the good and bad of air quality in an environment and is expected to be a solution to reduce air pollution that occurs. The system created will utilize the Wireless Sensor Network (WSN) combined with Waspmote Smart Environment PRO, so that later data will be obtained in the form of temperature, humidity, CO levels and CO2 levels. From the sensor data that has been processed on Waspmote, it will then be used as input for data processing using a fuzzy algorithm. The classification obtained from sensor data processing using fuzzy to monitor environmental conditions there are 5 classifications, namely Very Good, Good, Average, Bad and Dangerous. Later the data that has been collected will be distributed to Meshlium as a gateway and will be stored in the database. The process of sending information between one party to another needs to pay attention to the confidentiality of data and information. The final result of the implementation of this research is that the system is able to classify values using fuzzy algorithms and is able to secure text data that will be sent to the database via Meshlium, and is able to display data sent to the website in real time.

The accelerated move toward adopting the Smart Grid paradigm has resulted in numerous drawbacks as far as security is concerned. Traditional power grids are becoming more vulnerable to cyberattacks as all the control decisions are generated based on the data the Smart Grid generates during its operation. This data can be tampered with or attacked in communication lines to mislead the control room in decision-making. The false data injection attack (FDIA) is one of the most severe cyberattacks on today’s cyber-physical power system, as it has the potential to cause significant physical and financial damage. However, detecting cyberattacks are incredibly challenging since they have no known patterns. In this paper, we launch a random FDIA on IEEE-39 bus system. Later, we propose a Bagging MLP-based autoencoder to detect the FDIAs in the power system and compare the result with a single ML model. The Bagging MLP-based autoencoder outperforms the Isolation forest while detecting FDIAs.

The fast-evolving Intelligent Transportation Systems (ITS) are crucial in the 21st century, promising answers to congestion and accidents that bother people worldwide. ITS applications such as Connected and Autonomous Vehicle (CAVs) update and broadcasts road incident event messages, and this requires significant data to be transmitted between vehicles for a decision to be made in real-time. However, broadcasting trusted incident messages such as accident alerts between vehicles pose a challenge for CAVs. Most of the existing-trust solutions are based on the vehicle's direct interaction base reputation and the psychological approaches to evaluate the trustworthiness of the received messages. This paper provides a scheme for improving trust in the received incident alert messages for real-time decision-making to detect malicious alerts between CAVs using direct and indirect interactions. This paper applies artificial intelligence and statistical data classification for decision-making on the received messages. The model is trained based on the US Department of Technology Safety Pilot Deployment Model (SPMD). An Autonomous Decision-making Trust Scheme (ADmTS) that incorporates a machine learning algorithm and a local trust manager for decision-making has been developed. The experiment showed that the trained model could make correct predictions such as 98% and 0.55% standard deviation accuracy in predicting false alerts on the 25% malicious data

The paper considers the important problem of information protection in complex energy systems. The expert assessment of information protection in complex energy systems method has been developed. Based on the conducted research and data processing, a method of forming the analytical basis for decision-making aimed at ensuring the competitiveness of complex information protection systems has been developed.

In recent decades, a Distributed Denial of Service (DDoS) attack is one of the most expensive attacks for business organizations. The DDoS is a form of cyber-attack that disrupts the operation of computer resources and networks. As technology advances, the styles and tools used in these attacks become more diverse. These attacks are increased in frequency, volume, and intensity, and they can quickly disrupt the victim, resulting in a significant financial loss. In this paper, it is described the significance of DDOS attacks and propose a new method for detecting and mitigating the DDOS attacks by analyzing the traffics coming to the server from the BOTNET in attacking system. The process of analyzing the requests coming from the BOTNET uses the Machine learning algorithm in the decision making. The simulation is carried out and the results analyze the DDOS attack.

SWIM (System Wide Information Management) has become the development direction of A TM (Air Traffic Management) system by providing interoperable services to promote the exchange and sharing of data among various stakeholders. The premise of data sharing is security, and the access control has become the key guarantee for the secure sharing and exchange. The CP-ABE scheme (Ciphertext Policy Attribute-Based Encryption) can realize one-to-many access control, which is suitable for the characteristics of SWIM environment. However, the combination of the existing CP-ABE access control and SWIM has following constraints. 1. The traditional single authority CP-ABE scheme requires unconditional trust in the authority center. Once the authority center is corrupted, the excessive authority of the center may lead to the complete destruction of system security. So, SWIM with a large user group and data volume requires multiple authorities CP-ABE when performing access control. 2. There is no unified management of users' data access records. Lack of supervision on user behavior make it impossible to effectively deter malicious users. 3. There are a certain proportion of lightweight data users in SWIM, such as aircraft, users with handheld devices, etc. And their computing capacity becomes the bottleneck of data sharing. Aiming at these issues above, this paper based on cloud-chain fusion basically proposes a multi-authority CP-ABE scheme, called the MOV ATM scheme, which has three advantages. 1. Based on a multi-cloud and multi-authority CP-ABE, this solution conforms to the distributed nature of SWIM; 2. This scheme provides outsourced computing and verification functions for lightweight users; 3. Based on blockchain technology, a blockchain that is maintained by all stakeholders of SWIM is designed. It takes user's access records as transactions to ensure that access records are well documented and cannot be tampered with. Compared with other schemes, this scheme adds the functions of multi-authority, outsourcing, verifiability and auditability, but do not increase the decryption cost of users.

Vulnerability assessment is an important process for network security. However, most commonly used vulnerability assessment methods still rely on expert experience or rule-based automated scripts, which are difficult to meet the security requirements of increasingly complex network environment. In recent years, although scientists and engineers have made great progress on artificial intelligence in both theory and practice, it is a challenging to manufacture a mature high-quality intelligent products in the field of network security, especially in penetration testing based vulnerability assessment for enterprises. Therefore, in order to realize the intelligent penetration testing, Vul.AI with its rich experience in cyber attack and defense for many years has designed and developed a set of intelligent penetration and attack simulation system Ai.Scan, which is based on attack chain, knowledge graph and related evaluation algorithms. In this paper, the realization principle, main functions and application scenarios of Ai.Scan are introduced in detail.

With the development of information technology, extracting important data that people need from the vast information has become the key to a successful era. Therefore, big data technology is increasingly recognized by the public. While creating a lot of commercial value for enterprises, it also brings huge challenges to information security and privacy. In the big data environment, data has become an important medium for corporate decision-making, and information security and privacy protection have become the “army battleground” in corporate competition. Therefore, information security and privacy protection are getting more and more attention from enterprises, which also determines whether enterprises can occupy a place in the fiercely competitive market. This article analyzes the information security and privacy protection issues of enterprises in the big data environment from three aspects. Starting from the importance and significance of big data protection, it analyzes the security and privacy issues of big data in enterprise applications, and finally conducts information security and privacy protection for enterprises. Privacy protection puts forward relevant suggestions.

IoBTs must feature collaborative, context-aware, multi-modal fusion for real-time, robust decision-making in adversarial environments. The integration of machine learning (ML) models into IoBTs has been successful at solving these problems at a small scale (e.g., AiTR), but state-of-the-art ML models grow exponentially with increasing temporal and spatial scale of modeled phenomena, and can thus become brittle, untrustworthy, and vulnerable when interpreting large-scale tactical edge data. To address this challenge, we need to develop principles and methodologies for uncertainty-quantified neuro-symbolic ML, where learning and inference exploit symbolic knowledge and reasoning, in addition to, multi-modal and multi-vantage sensor data. The approach features integrated neuro-symbolic inference, where symbolic context is used by deep learning, and deep learning models provide atomic concepts for symbolic reasoning. The incorporation of high-level symbolic reasoning improves data efficiency during training and makes inference more robust, interpretable, and resource-efficient. In this paper, we identify the key challenges in developing context-aware collaborative neuro-symbolic inference in IoBTs and review some recent progress in addressing these gaps.

Cooperative secure computing based on the relationship between numerical value and numerical interval is not only the basic problems of secure multiparty computing but also the core problems of cooperative secure computing. It is of substantial theoretical and practical significance for information security in relation to scientific computing to continuously investigate and construct solutions to such problems. Based on the Goldwasser-Micali homomorphic encryption scheme, this paper propose the Morton rule, according to the characteristics of the interval, a double-length vector is constructed to participate in the exclusive-or operation, and an efficient cooperative decision-making solution for integer and integer interval security is designed. This solution can solve more basic problems in cooperative security computation after suitable transformations. A theoretical analysis shows that this solution is safe and efficient. Finally, applications that are based on these protocols are presented.

Phishing activity is undertaken by the hackers to compromise the computer networks and financial system. A compromised computer system or network provides data and or processing resources to the world of cybercrime. Cybercrimes are projected to cost the world \$6 trillion by 2021, in this context phishing is expected to continue being a growing challenge. Statistics around phishing growth over the last decade support this theory as phishing numbers enjoy almost an exponential growth over the period. Recent reports on the complexity of the phishing show that the fight against phishing URL as a means of building more resilient cyberspace is an evolving challenge. Compounding the problem is the lack of cyber security expertise to handle the expected rise in incidents. Previous research have proposed different methods including neural network, data mining technique, heuristic-based phishing detection technique, machine learning to detect phishing websites. However, recently phishers have started to use more sophisticated techniques to attack the internet users such as VoIP phishing, spear phishing etc. For these modern methods, the traditional ways of phishing detection provide low accuracy. Hence, the requirement arises for the application and development of modern tools and techniques to use as a countermeasure against such phishing attacks. Keeping in view the nature of recent phishing attacks, it is imperative to develop a state-of-the art anti-phishing tool which should be able to predict the phishing attacks before the occurrence of actual phishing incidents. We have designed such a tool that will work efficiently to detect the phishing websites so that a user can understand easily the risk of using of his personal and financial data.

Event detection and classification are crucial to power system stability. The Wide Area Measurement System (WAMS) technology helps in enhancing wide area situational awareness by providing useful synchronized information to the grid control center in order to accurately identify various power system events. This paper demonstrates the viability of using EWAMS (Egyptian Wide Area Measurement System) data as one of the evolving technologies of smart grid to identify extreme events within the Egyptian power grid. The proposed scheme is based on online synchronized measurements of wide-area monitoring devices known as Frequency Disturbance Recorders (FDRs) deployed at selected substations within the grid. The FDR measures the voltage, voltage angle, and frequency at the substation and streams the processed results to the Helwan University Host Server (HUHS). Each FDR is associated with a timestamp reference to the Global Positioning System (GPS) base. An EWAMS-based frequency disturbance detection algorithm based on the rate of frequency deviation is developed to identify varies types of events such as generator trip and load shedding. Based on proper thresholding on the frequency and rate of change of frequency of the Egyptian grid, different types of events have been captured in many locations during the supervision and monitoring the operation of the grid. EWAMS historical data is used to analyze a wide range of data pre-event, during and post-event for future enhancement of situational awareness as well as decision making.

Control room video surveillance is an important source of information for ensuring public safety. To facilitate the process, a Decision-Support System (DSS) designed for the security task force is vital and necessary to take decisions rapidly using a sea of information. In case of mission critical operation, Situational Awareness (SA) which consists of knowing what is going on around you at any given time plays a crucial role across a variety of industries and should be placed at the center of our DSS. In our approach, SA system will take advantage of the human factor thanks to the reinforcement signal whereas previous work on this field focus on improving knowledge level of DSS at first and then, uses the human factor only for decision-making. In this paper, we propose a situational awareness-centric decision-support system framework for mission-critical operations driven by Quality of Experience (QoE). Our idea is inspired by the reinforcement learning feedback process which updates the environment understanding of our DSS. The feedback is injected by a QoE built on user perception. Our approach will allow our DSS to evolve according to the context with an up-to-date SA.

In view of the problems that the existing power grid risk assessment mainly depends on the data fusion of decision-making level, which has strong subjectivity and less effective information, this paper proposes a risk assessment method of microgrid system based on random matrix theory. Firstly, the time series data of multiple sensors are constructed into a high-dimensional matrix according to the different parameter types and nodes; Then, based on random matrix theory and sliding time window processing, the average spectral radius sequence is calculated to characterize the state of microgrid system. Finally, an example is given to verify the effectiveness of the method.

Blockchain as a tamper-proof, non-modifiable and traceable distributed ledger technology has received extensive attention. Although blockchain's immutability provides security guarantee, it prevents the development of new blockchain technology. As we think, there are several arguments to prefer a controlled modifiable blockchain, from the possibility to cancel the transaction and necessity to remove the illicit or harmful documents, to the ability to support the scalability of blockchain. Meanwhile, the rapid development of quantum technology has made the establishment of post-quantum cryptosystems an urgent need. In this paper, we put forward the first lattice-based redactable consortium blockchain scheme that makes it possible to rewrite or repeal the content of any blocks. Our approach uses a consensus-based election and lattice-based chameleon hash function (Cash and Hofheinz etc. EUROCRYPT 2010). With knowledge of secret trapdoor, the participant could find the hash collisions efficiently. And each member of the consortium blockchain has the right to edit the history.

In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to tradeoff between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.

Achieving agile and resilient autonomous capabilities for cyber defense requires moving past indicators and situational awareness into automated response and recovery capabilities. The objective of the AlphaSOC project is to use state of the art sequential decision-making methods to automatically investigate and mitigate attacks on cyber physical systems (CPS). To demonstrate this, we developed a simulation environment that models the distributed navigation control system and physics of a large ship with two rudders and thrusters for propulsion. Defending this control network requires processing large volumes of cyber and physical signals to coordi-nate defensive actions over many devices with minimal disruption to nominal operation. We are developing a Reinforcement Learning (RL)-based approach to solve the resulting sequential decision-making problem that has large observation and action spaces.

Today’s Supply Chains (SC) are engulfed in a maelstrom of risks which arise mainly from uncertain, contradictory, and incomplete information. A decision-making process is required in order to detect threats, assess risks, and implements mitigation methods to address these issues. However, Neutrosophic Data Analytic Hierarchy Process (NDAHP) allows for a more realistic reflection of real-world problems while taking into account all factors that lead to effective risk assessment for Multi Criteria Decision-Making (MCDM). The purpose of this paper consists of an implementation of the NDAHP for MCDM aiming to identifying, ranking, prioritizing and analyzing risks without considering SC’ expert opinions. To that end, we proceed, first, for selecting and analyzing the most 23 relevant risk indicators that have a significant impact on the SC considering three criteria: severity, occurrence, and detection. After that, the NDAHP method is implemented and showcased, on the selected risk indicators, throw an illustrative example. Finally, we discuss the usability and effectiveness of the suggested method for the SCRM purposes.

The purpose of this research work is to develop an approach based on risk management with a view to provide managers and decision-makers with assistance and appropriate guidelines to combine Lean and Green in a successful and integrated way. Risk cannot be managed if not well-identified; hence, a classification of supply chain risks in a Lean Green context was provided. Subsequently to risk identification an approach based on Weighted Product Method (WPM) was proposed; for risk assessment and prioritization, for its ease of use, flexibility and board adaptability. The output of this analysis provides visibility about organization's position toward desired performance and underlines crucial risks to be addressed which marks the starting point of the way to performance improvement. A case study was introduced to demonstrate the applicability and relevance of the developed framework.

Logistics risk assessment in the supply chain is considered as one of the important topics that has attracted the attention of researchers in recent years; Companies that struggle to manage their logistical risks by not putting in place resilient strategies to mitigate them, may suffer from significant financial losses; The automotive industry is a vital sector for the Moroccan economy, the year 2020, the added-value of the automotive industry in Morocco is higher than that of the fertilizer (Fathi, n.d.) [1], This sector is considered the first exporter of the country. Our study will focuses on the assessment of the pure logistical risks in the moroccan automotive industry. Our main objective for this study is to assess the logistical risks which will allow us to put in place proactive and predictive resilient strategies for their mitigation.

The development of new types of technology actualizes the issues of ensuring their information security. The aim of the work is to increase the security of the collective decision-making process in swarm robotic systems from negative impacts by identifying malicious robots. It is proposed to use confidence in choosing an alternative when reaching a consensus as a criterion for identifying malicious robots - a malicious robot, having a special behavior strategy, does not fully take into account the signs of the external environment and information from other robots, which means that such a robot will change its mind with characteristic features for each malicious strategy, and its degree of confidence will be different from the usual voting robot. The modeling performed and the obtained experimental data on three types of malicious behavioral strategies demonstrate the possibility of using the degree of confidence to identify malicious robots. The advantages of the approach are taking into account a large number of alternatives and universality, which lies in the fact that the method is based on the mechanisms of collective decision-making, which proceed in the same way on various hardware platforms of swarm robotic systems. The proposed method can serve as a basis for the development of more complex security mechanisms in swarm robotic systems.

In the context of IoT (Internet of Things), Device Management (DM), i.e., remote administration of IoT devices, becomes essential to keep them connected, updated and secure, thus increasing their lifespan through firmware and configuration updates and security patches. Legacy DM solutions are adequate when dealing with home devices (such as Television set-top boxes) but need to be extended to adapt to new IoT requirements. Indeed, their manual operation by system administrators requires advanced knowledge and skills. Further, the static DM platform — a component above IoT platforms that offers advanced features such as campaign updates / massive operation management — is unable to scale and adapt to IoT dynamicity. To cope with this, this work, performed in an industrial context at Orange, proposes a self-adaptive architecture with runtime horizontal scaling of DM servers, with an autonomic Auto-Scaling Manager, integrating in the loop constraint programming for decision-making, validated with a meaningful industrial use-case.

OHODIN is an online extension for data streams of the kNN-based ODIN anomaly detection approach. It provides a detection-threshold heuristic that is based on extreme value theory. In contrast to sophisticated anomaly and novelty detection approaches the decision-making process of ODIN is interpretable by humans, making it interesting for certain applications. However, it is limited in terms of the underlying detection method. In this article, we present an extension of the OHODIN to further detection techniques to reinforce OHODIN capability of online data streams anomaly detection. We introduce the algorithm modifications and an experimental evaluation with competing state-of-the-art anomaly detection approaches.