Biblio

In the information age, computer network technology has covered different areas of social life and involved various fields, and artificial intelligence, as an emerging technology with a very rapid development momentum in recent years, is important in promoting the development of computer network systems. This article explains the concept of artificial intelligence technology, describes the problems faced by computer networks, further analyses the advantages of artificial intelligence and the inevitability of application in network technology, and then studies the application of artificial intelligence in computer network technology.

Distributed denial of service attacks threaten the security and health of the Internet. Remediation relies on up-to-date and accurate attack signatures. Signature-based detection is relatively inexpensive computationally. Yet, signatures are inflexible when small variations exist in the attack vector. Attackers exploit this rigidity by altering their attacks to bypass the signatures. Our previous work revealed a critical problem with conventional machine learning models. Conventional models are unable to generalize on the temporal nature of network flow data to classify attacks. We thus explored the use of deep learning techniques on real flow data. We found that a variety of attacks could be identified with high accuracy compared to previous approaches. We show that a convolutional neural network can be implemented for this problem that is suitable for large volumes of data while maintaining useful levels of accuracy.

Wireless sensor networks (WSNs) are underlying network infrastructure for a variety of surveillance applications. The network should be tolerant of unexpected failures of sensor nodes to meet the Quality of Service (QoS) requirements of these applications. One major cause of failure is active security attacks such as Depletion-of-Battery (DoB) attacks. This paper model the problem of detecting such attacks as an anomaly detection problem in a dynamic graph. The problem is addressed by employing a cluster ensemble approach called the K-Means Spectral and Hierarchical ensemble (KSH) approach. The experimental result shows that KSH detected DoB attacks with better accuracy when compared to baseline approaches.

With the increasing scale of network, the scale of attack graph has been becoming larger and larger, and the number of nodes in attack graph is also increasing, which can not directly reflect the impact of nodes on the whole system. Therefore, in this paper, a method was proposed to determine the key nodes of network attack graph of power information physical system to solve the problem of uncertain emphasis of security protection of attack graph.

The cipher-text homomorphism encryption algorithm (homomorphic encryption) are used for the cloud safe and to solve the integrity, availability and controllability of information. For homomorphic encryption, we, by Topsnut-gpw technique, design: degree-sequence homomorphisms and their inverses, degree-sequence homomorphic chain, graph-set homomorphism, colored degree-sequence matrices and every-zero Cds-matrix groups, degree-coinciding degree-sequence lattice, degree-joining degree-sequence lattice, as well as degree-sequence lattice homomorphism, since number-based strings made by Topsnut-gpws of topological coding are irreversible, and Topsnut-gpws can realize: one public-key corresponds two or more privatekeys, and more public-key correspond one or more private-keys for asymmetric encryption algorithm.

At present, the detection of encrypted ransomware under the Android platform mainly relies on analyzing the API call of the encryption function. But for ransomware that uses a custom encryption algorithm, the method will be invalid. This article analyzed the files before and after encryption by the ransomware, and found that there were obvious changes in the information entropy and file name of the files. Based on this, this article proposed a detection method for encrypted ransomware under the Android platform. Through pre-setting decoy files and the characteristic judgment before and after the execution of the sample to be tested, completed the detection and judgment of the ransomware. Having tested 214 samples, this method can be porved to detect encrypted ransomware accurately under the Android platform, with an accuracy rate of 98.24%.

Machine learning methods are growing in relevance for biometrics and personal information processing in domains such as forensics, e-health, recruitment, and e-learning. In these domains, white-box (human-readable) explanations of systems built on machine learning methods can become crucial. Inductive Logic Programming (ILP) is a subfield of symbolic AI aimed to automatically learn declarative theories about the process of data. Learning from Interpretation Transition (LFIT) is an ILP technique that can learn a propositional logic theory equivalent to a given blackbox system (under certain conditions). The present work takes a first step to a general methodology to incorporate accurate declarative explanations to classic machine learning by checking the viability of LFIT in a specific AI application scenario: fair recruitment based on an automatic tool generated with machine learning methods for ranking Curricula Vitae that incorporates soft biometric information (gender and ethnicity). We show the expressiveness of LFIT for this specific problem and propose a scheme that can be applicable to other domains.

As machine learning approaches are increasingly used to augment human decision-making, eXplainable Artificial Intelligence (XAI) research has explored methods for communicating system behavior to humans. However, these approaches often fail to account for the affective responses of humans as they interact with explanations. Facial affect analysis, which examines human facial expressions of emotions, is one promising lens for understanding how users engage with explanations. Therefore, in this work, we aim to (1) identify which facial affect features are pronounced when people interact with XAI interfaces, and (2) develop a multitask feature embedding for linking facial affect signals with participants' use of explanations. Our analyses and results show that the occurrence and values of facial AU1 and AU4, and Arousal are heightened when participants fail to use explanations effectively. This suggests that facial affect analysis should be incorporated into XAI to personalize explanations to individuals' interaction styles and to adapt explanations based on the difficulty of the task performed.

A random rule foam grows and combines several independent fuzzy rule-based systems by randomly sampling input-output data from a trained deep neural classifier. The random rule foam defines an interpretable proxy system for the sampled black-box classifier. The random foam gives the complete Bayesian posterior probabilities over the foam subsystems that contribute to the proxy system's output for a given pattern input. It also gives the Bayesian posterior over the if-then fuzzy rules in each of these constituent foams. The random foam also computes a conditional variance that describes the uncertainty in its predicted output given the random foam's learned rule structure. The mixture structure leads to bootstrap confidence intervals around the output. Using the Bayesian posterior probabilities to prune or discard low-probability sub-foams improves the system's classification accuracy. Simulations used the MNIST image data set of 60,000 gray-scale images of ten hand-written digits. Dropping the lowest-probability foams per input pattern brought the pruned random foam's classification accuracy nearly to that of the neural classifier. Posterior pruning outperformed simple accuracy pruning of a random foam and outperformed a random forest trained on the same neural classifier.

The adoption of artificial intelligence (AI) into domains that impact human life (healthcare, agriculture, security and defense, etc.) has led to an increased demand for explainable AI (XAI). Herein, we focus on an under represented piece of the XAI puzzle, information fusion. To date, a number of low-level XAI explanation methods have been proposed for the fuzzy integral (FI). However, these explanations are tailored to experts and its not always clear what to do with the information they return. In this article we review and categorize existing FI work according to recent XAI nomenclature. Second, we identify a set of initial actions that a user can take in response to these low-level statistical, graphical, local, and linguistic XAI explanations. Third, we investigate the design of an interactive user friendly XAI report. Two case studies, one synthetic and one real, show the results of following recommended actions to understand and improve tasks involving classification.

The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.

The construction of the power Internet of Things has led various terminals to access the corporate network on a large scale. The internal and external business interaction and data exchange are more extensive. The current security protection system is based on border isolation protection. This is difficult to meet the needs of the power Internet of Things connection and open shared services. This paper studies the application scheme of the ``zero trust'' typical business scenario of the power Internet of Things with ``Continuous Identity Authentication and Dynamic Access Control'' as the core, and designs the power internet security protection architecture based on zero trust.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

With the rapid development of traffic encryption technology and the continuous emergence of various network services, the classification of encrypted zero-day applications has become a major challenge in network supervision. More seriously, many attackers will utilize zero-day applications to hide their attack behaviors and make attack undetectable. However, there are very few existing studies on zero-day applications. Existing works usually select and label zero-day applications from unlabeled datasets, and these are not true zero-day applications classification. To address the classification of zero-day applications, this paper proposes an Encrypted Zero-day Applications Classification (EZAC) method that combines Convolutional Neural Network (CNN) and K-Means, which can effectively classify zero-day applications. We first use CNN to classify the flows, and for the flows that may be zero-day applications, we use K-Means to divide them into several categories, which are then manually labeled. Experimental results show that the EZAC achieves 97.4% accuracy on a public dataset (CIC-Darknet2020), which outperforms the state-of-the-art methods.

We consider the anonymous mutual authentication problem, which consists of a certificate authority, single or multiple verifiers, many legitimate users (provers) and any arbitrary number of illegitimate users. The legal verifier and a legitimate user must be mutually authenticated to each other using the user's key, while the identity of the user must stay unrevealed. An attacker (illegitimate prover) as well as an illegal verifier must fail in authentication. A general interactive information theoretic framework in a finite field is proposed, where the normalized total key rate as a metric for reliability is defined. Maximizing this rate has a trade-off with establishing anonymity. The problem is studied in two different scenarios: centralized scenario (one single verifier performs the authentication process) and distributed scenario (authentication is done by N verifiers, distributively). For both scenarios, achievable schemes, which satisfy the completeness, soundness (at both verifier and prover) and anonymity properties, are proposed. Increasing the size of the field, results in the key rate approaching its upper bound.

We study the problem of randomized Leader Election in synchronous distributed networks with indistinguishable nodes. We consider algorithms that work on networks of arbitrary topology in two settings, depending on whether the size of the network, i.e., the number of nodes \$n\$, is known or not. In the former setting, we present a new Leader Election protocol that improves over previous work by lowering message complexity and making it close to a lower bound by a factor in \$$\backslash$widetildeO($\backslash$sqrtt\_mix$\backslash$sqrt$\backslash$Phi)\$, where $\Phi$ is the conductance and \textsubscriptmix is the mixing time of the network graph. We then show that lacking the network size no Leader Election algorithm can guarantee that the election is final with constant probability, even with unbounded communication. Hence, we further classify the problem as Leader Election (the classic one, requiring knowledge of \$n\$ - as is our first protocol) or Revocable Leader Election, and present a new polynomial time and message complexity Revocable Leader Election algorithm in the setting without knowledge of network size. We analyze time and message complexity of our protocols in the CONGEST model of communication.

Due to the insufficient awareness of decision makers on the security risks of industrial cyber-physical systems(ICPS) under cyber-attacks, it is difficult to take effective defensive measures according to the characteristics of different cyber-attacks in advance. To solve the above problem, this paper gives a qualitative analysis method of ICPS security risk from the perspective of defenders. The ICPS being attacked is modeled as a dynamic closed-loop fusion model where the mathematical models of the physical plant and the feedback controller are established. Based on the fusion model, the disruption resources generated by attacks are mathematically described. Based on the designed Kalman filter, the detection of attacks is judged according to the residual value of the system. According to the disruption resources and detectability, a general security risk level model is further established to evaluate the security risk level of the system under attacks. The simulation experiments are conducted by using Matlab to analyze the destructiveness and detectability of attacks, where the results show that the proposed qualitative analysis method can effectively describe the security risk under the cyber-attacks.

In this paper, we consider a wireless federated learning (FL) system concerning differential privacy (DP) guarantee, where multiple edge devices collaboratively train a shared model under the coordination of a central base station (BS) through over-the-air computation (AirComp). However, due to the heterogeneity of wireless links, it is difficult to achieve the optimal trade-off between model privacy and accuracy during the FL model aggregation. To address this issue, we propose to utilize the reconfigurable intelligent surface (RIS) technology to mitigate the communication bottleneck in FL by reconfiguring the wireless propagation environment. Specifically, we aim to minimize the model optimality gap while strictly meeting the DP and transmit power constraints. This is achieved by jointly optimizing the device transmit power, artificial noise, and phase shifts at RIS, followed by developing a two-step alternating minimization framework. Simulation results will demonstrate that the proposed RIS-assisted FL model achieves a better trade-off between accuracy and privacy than the benchmarks.

Modern commercial software development organizations frequently prescribe to a development and deployment pattern for releases known as continuous integration / continuous deployment (CI/CD). Kubernetes, a cluster-based distributed application platform, is often used to implement this pattern. While the abstract concept is fairly well understood, CI/CD implementations vary widely. Resources are scattered across on-premise and cloud-based services, and systems may not be fully automated. Additionally, while a development pipeline may aim to ensure the security of the finished artifact, said artifact may not be protected from outside observers or cloud providers during execution. This paper describes a complete CI/CD pipeline running on Kubernetes that addresses four gaps in existing implementations. First, the pipeline supports strong separation-of-duties, partitioning development, security, and operations (i.e., DevSecOps) roles. Second, automation reduces the need for a human interface. Third, resources are scoped to a Kubernetes cluster for portability across environments (e.g., public cloud providers). Fourth, deployment artifacts are secured with Asylo, a development framework for trusted execution environments (TEEs).

When location-based services (LBS) are delivered, location data should be protected against honest-but-curious LBS providers, them being quasi-identifiers. One of the existing approaches to achieving this goal is location k-anonymity, which leverages the presence of a trusted party, called location trusted service (LTS), playing the role of anonymizer. A drawback of this approach is that the location trusted service is a single point of failure and traces all the users. Moreover, the protection is completely nullified if a global passive adversary is allowed, able to monitor the flow of messages, as the source of the query can be identified despite location k-anonymity. In this paper, we propose a distributed and hierarchical LTS model, overcoming both the above drawbacks. Moreover, position notification is used as cover traffic to hide queries and multicast is minimally adopted to hide responses, to keep k-anonymity also against the global adversary, thus enabling the possibility that LBS are delivered within social networks.

Advanced Persistent Threats (APT) consist of most skillful hackers who employ sophisticated techniques to stealthily gain unauthorized access to private networks and exfiltrate sensitive data. When their existence is discovered, organizations - if they can sustain business continuity - mostly have to perform forensics activities to assess the damage of the attack and discover the extent of sensitive data leakage. In this paper, we construct a novel framework to pinpoint sensitive data that may have been leaked in such an attack. Our framework consists of creating baseline fingerprints for each workstation for setting normal activity, and we consider the change in the behavior of the network overall. We compare the accused fingerprint with sensitive database information by utilizing both Levenstein distance and TF-IDF/cosine similarity resulting in a similarity percentage. This allows us to pinpoint what part of data was exfiltrated by the perpetrators, where in the network the data originated, and if that data is sensitive to the private company's network. We then perform feasibility experiments to show that even these simple methods are feasible to run on a network representative of a mid-size business.

The intranets in modern organizations are facing severe data breaches and critical resource misuses. By reusing user credentials from compromised systems, Advanced Persistent Threat (APT) attackers can move laterally within the internal network. A promising new approach called deception technology makes the network administrator (i.e., defender) able to deploy decoys to deceive the attacker in the intranet and trap him into a honeypot. Then the defender ought to reasonably allocate decoys to potentially insecure hosts. Unfortunately, existing APT-related defense resource allocation models are infeasible because of the neglect of many realistic factors.In this paper, we make the decoy deployment strategy feasible by proposing a game-theoretic model called the APT Deception Game to describe interactions between the defender and the attacker. More specifically, we decompose the decoy deployment problem into two subproblems and make the problem solvable. Considering the best response of the attacker who is aware of the defender’s deployment strategy, we provide an elitist reservation genetic algorithm to solve this game. Simulation results demonstrate the effectiveness of our deployment strategy compared with other heuristic strategies.

Cognitive Radio Networks (CRNs) promise efficient spectrum utilization by operating over the unused frequencies where Vehicular Ad-hoc Networks (VANETs) facilitate information exchanging among vehicles to avoid accidents, collisions, congestion, etc. Thus, CR enabled vehicular networks (CR-VANETs), a thriving area in wireless communication research, can be the enabler of Intelligent Transportation Systems (ITS) and autonomous driver-less vehicles. Similar to others, efficient and reliable communication in CR-VANETs is vital. Besides, security in such networks may exhibit unique characteristics for overall data transmission performance. For efficient and reliable communication, the proposed routing protocol considers the mobility patterns, spectrum availability, and trustworthiness to be the routing metrics. Hence, the protocol considers the vehicle's speed, mobility direction, inter-vehicles distance, and node's reliability to estimate the mobility patterns of a node. Besides, a trust-based reliability factor is also introduced to ensure secure communications by detecting malicious nodes or other external threats. Therefore, the proposed protocol detects malicious nodes by establishing trustworthiness among nodes and preserves security. Simulation is conducted for performance evaluation that shows the proposed routing selects the efficient routing path by discarding malicious nodes from the network and outperforms the existing routing protocols.

We showcase the capabilities of V2Verifier, a new open-source software-defined radio (SDR) testbed for vehicle-to-vehicle (V2V) communications security, to expose the strengths and vulnerabilities of current V2V security systems based on the IEEE 1609.2 standard. V2Verifier supports both major V2V technologies and facilitates a broad range of experimentation with upper- and lower-layer attacks using a combination of SDRs and commercial V2V on-board units (OBUs). We demonstrate two separate attacks (jamming and replay) against Dedicated Short Range Communication (DSRC) and Cellular Vehicle-to-Everything (C-V2X) technologies, experimentally quantifying the threat posed by these types of attacks. We also use V2Verifier's open-source implementation to show how the 1609.2 standard can effectively mitigate certain types of attacks (e.g., message replay), facilitating further research into the security of V2V.