Biblio

When users in various web and mobile applications enjoy the convenience of recommendation systems, they are vulnerable to attribute inference attacks. The accumulating online behaviors of users (e.g., clicks, searches, ratings) naturally brings out user preferences, and poses an inevitable threat of privacy that adversaries can infer one's private profiles (e.g., gender, sexual orientation, political view) with AI-based algorithms. Existing defense methods assume the existence of a trusted third party, rely on computationally intractable algorithms, or have impact on recommendation utility. These imperfections make them impractical for privacy preservation in real-life scenarios. In this work, we introduce BiasBooster, a practical proactive defense method based on behavior segmentation, to protect user privacy against attribute inference attacks from user behaviors, while retaining recommendation utility with a heuristic recommendation aggregation module. BiasBooster is a user-centric approach from client side, which proactively divides a user's behaviors into weakly related segments and perform them with several dummy identities, then aggregates real-time recommendations for user from different dummy identities. We estimate its effectiveness of preservation on both privacy and recommendation utility through extensive evaluations on two real-world datasets. A Chrome extension is conducted to demonstrate the feasibility of applying BiasBooster in real world. Experimental results show that compared to existing defenses, BiasBooster substantially reduces the averaged accuracy of attribute inference attacks, with minor utility loss of recommendations.

Collaborative Filtering (CF) is a popular recommendation system that makes recommendations based on similar users' preferences. Though it is widely used, CF is prone to Shilling/Profile Injection attacks, where fake profiles are injected into the CF system to alter its outcome. Most of the existing shilling attacks do not work on online systems and cannot be efficiently implemented in real-world applications. In this paper, we introduce an efficient Multi-Armed-Bandit-based reinforcement learning method to practically execute online shilling attacks. Our method works by reducing the uncertainty associated with the item selection process and finds the most optimal items to enhance attack reach. Such practical online attacks open new avenues for research in building more robust recommender systems. We treat the recommender system as a black box, making our method effective irrespective of the type of CF used. Finally, we also experimentally test our approach against popular state-of-the-art shilling attacks.

Many cloud services perform periodic database backup to keep the data safe from failures such as sudden system crashes. In the database system, two techniques are widely used for data backup and recovery: a physical backup and a logical backup. The physical backup uses raw data by copying the files in the database, whereas the logical backup extracts data from the database and dumps it into separated files as a sequence of query statements. Both techniques support a full backup strategy that contains data of the entire database and incremental backup strategy that contains changed data since a previous backup. However, both strategies require additional I/O operations to perform the backup and need a long time to restore a backup. In this paper, we propose an efficient backup and recovery scheme by exploiting write-ahead logging (WAL) in database systems. In the proposed scheme, for backup, we devise a backup system to use log data generated by the existing WAL to eliminate the additional I/O operations. To restore a backup, we utilize and optimize the existing crash recovery procedure of WAL to reduce recovery time. For example, we divide the recovery range and applying the backup data for each range independently via multiple threads. We implement our scheme in MySQL, a popular database management system. The experimental result demonstrates that the proposed scheme provides instant backup while reducing recovery time compared with the existing schemes.

Due to high availability and easy accessibility of information, it has become quite difficult to assure security of data. Even though watermarking seems to be an effective solution to protect data, it is still challenging to be used with relational databases. Moreover, inserting a watermark in database may lead to distortion. As a result, the contents of database can no longer remain useful. Our proposed distortion-free watermarking approach ensures that integrity of database can be preserved by generating an image watermark from its contents. This image is registered with Certification Authority (CA) before the database is distributed for use. In case, the owner suspects any kind of tampering in the database, an image watermark is generated and compared with the registered image watermark. If both do not match, it can be concluded that the integrity of database has been compromised. Experiments are conducted on Forest Cover Type data set to localize tampering to the finest granularity. Results show that our approach can detect all types of attack with 100% accuracy.

In this digital era, the usage of technology has increased rapidly and led to the deployment of more innovative technologies for storing and transferring the generated data. The most important aspect of the emerging communication technologies is to ensure the safety and security of the generated huge amount of data. Hence, cryptography is considered as a pathway that can securely transfer and save the data. Cryptography comprises of ciphers that act like an algorithm, where the data is encrypted at the source and decrypted at the destination. This paper comprises of two ciphers namely PRESENT and AES ciphers. In the real-time applications, AES is no more relevant especially for segmenting the organizations that leverage RFID, Sensors and IoT devices. In order to overcome the strategic issues faced by these organization, PRESENT ciphers work appropriately with its super lightweight block figure, which has the equivalent significance to both security and equipment arrangements. This paper compares the AES (Advance encryption standard) symmetric block cipher with PRESENT symmetric block cipher to leverage in the industries mentioned earlier, where the huge consumption of resources becomes a significant factor. For the comparison of different ciphers, the results of area, timing analysis and the waveforms are taken into consideration.

Keystroke Inference has been a hot topic since it poses a severe threat to our privacy from typing. Existing learning-based Keystroke Inference suffers the domain adaptation problem because the training data (from attacker) and the test data (from victim) are generally collected in different environments. Recently, Optimal Transport (OT) is applied to address this problem, but suffers the “ground metric” limitation. In this work, we propose a novel method, OTDA, by incorporating Discriminant Analysis into OT through an iterative learning process to address the ground metric limitation. By embedding OTDA into a vibration-based Keystroke Inference platform, we conduct extensive studies about domain adaptation with different factors, such as people, keyboard position, etc.. Our experiment results show that OTDA can achieve significant performance improvement on classification accuracy, i.e., outperforming baseline by 15% to 30%, state-of-the-art OT and other domain adaptation methods by 10% to 20%.

Embedded Systems (ES) development has been historically focused on functionality rather than security, and today it still applies in many sectors and applications. However, there is an increasing number of security threats over ES, and a successful attack could have economical, physical or even human consequences, since many of them are used to control critical applications. A standardized and general accepted security testing framework is needed to provide guidance, common reporting forms and the possibility to compare the results along the time. This can be achieved by introducing security metrics into the evaluation or assessment process. If carefully designed and chosen, metrics could provide a quantitative, repeatable and reproducible value that would reflect the level of security protection of the ES. This paper analyzes the features that a good security metric should exhibit, introduces a taxonomy for classifying them, and finally, it carries out a literature survey on security metrics for the security evaluation of ES. In this review, more than 500 metrics were collected and analyzed. Then, they were reduced to 169 metrics that have the potential to be applied to ES security evaluation. As expected, the 77.5% of them is related exclusively to software, and only the 0.6% of them addresses exclusively hardware security. This work aims to lay the foundations for constructing a security evaluation methodology that uses metrics so as to quantify the security level of an ES.

Blackhole (BH) attacks are one of the most serious threats in mobile ad-hoc networks. A BH is a security attack in which a malicious node absorbs data packets and sends fake routing information to neighboring nodes. BH attacks are widely studied. However, existing defense methods wrongfully assume that BH attacks cannot overcome the most common defense approaches. A new wave of BH attacks is known as smart BH attacks. In this study, we used a highly aggressive type of BH attack that can predict sequence numbers to overcome traditional detection methods that set a threshold to sequence numbers. To protect the network from this type of BH attack, we propose a detection-and-prevention method that uses local information shared with neighboring nodes. Our experiments show that the proposed method successfully detects and contains even smart BH threats. Consequently, the attack success rate decreases.

The dynamic and adaptable characteristics of mobile ad hoc networks have made it a significant field for deploying various applications in wireless sensor networks. Increasing popularity of the portable devices is the main reason for the development of mobile ad hoc networks. Furthermore, the network does not require a fixed architecture and it is easy to deploy. This type of network is highly vulnerable to cyber-attacks as the nodes communicate with each other through a Wireless medium. The most critical attack in ad hoc network is jellyfish attack. In this research we have proposed a Direct Trust-based Detection Algorithm to detect and prevent jellyfish attack in MANET.

Lightweight virtualization represented by container technology provides a virtual environment for cloud services with more flexibility and efficiency due to the kernel-sharing property. However, the shared kernel also means that the system isolation mechanisms are incomplete. Attackers can scan the shared system configuration files to explore vulnerabilities for launching attacks. Previous works mainly eliminate the problem by fixing operating systems or using access control policies, but these methods require significant modifications and cannot meet the security needs of individual containers accurately. In this paper, we present ConfigRand, a moving target defense framework to prevent the information leakages due to the shared kernel in the container-based cloud. The ConfigRand deploys deceptive system configurations for each container, bounding the scan of attackers aimed at the shared kernel. In design of ConfigRand, we (1) propose a framework applying the moving target defense philosophy to periodically generate, distribute, and deploy the deceptive system configurations in the container-based cloud; (2) establish a model to formalize these configurations and quantify their heterogeneity; (3) present a configuration movement strategy to evaluate and optimize the variation of configurations. The results show that ConfigRand can effectively prevent the information leakages due to the shared kernel and apply to typical container applications with minimal system modification and performance degradation.

With the wild applications of machine learning (ML) technology, automatic speech recognition (ASR) has made great progress in recent years. Despite its great potential, there are various evasion attacks of ML-based ASR, which could affect the security of applications built upon ASR. Up to now, most studies focus on white-box attacks in ASR, and there is almost no attention paid to black-box attacks where attackers can only query the target model to get output labels rather than probability vectors in audio domain. In this paper, we propose an evasion attack against ASR in the above-mentioned situation, which is more feasible in realistic scenarios. Specifically, we first train a substitute model by using data augmentation, which ensures that we have enough samples to train with a small number of times to query the target model. Then, based on the substitute model, we apply Differential Evolution (DE) algorithm to craft adversarial examples and implement black-box attack against ASR models from the Speech Commands dataset. Extensive experiments are conducted, and the results illustrate that our approach achieves untargeted attacks with over 70% success rate while still maintaining the authenticity of the original data well.

Attribute-based encryption received widespread attention as soon as it was proposed. However, due to its specific characteristics, some restrictions on attribute set are not flexible enough in actual operation. In addition, since access authorities are determined according to users' attributes, users sharing the same attributes are difficult to be distinguished. Once a malicious user makes illicit gains by their decryption authorities, it is difficult to track down specific user. This paper follows practical demands to propose a more flexible key-policy attribute-based encryption scheme with black-box traceability. The scheme has a constant size of public parameters which can be utilized to construct attribute-related parameters flexibly, and the method of traitor tracing in broadcast encryption is introduced to achieve effective malicious user tracing. In addition, the security and feasibility can be proved by the security proofs and performance evaluation in this paper.

Over the years, public health has faced a large number of challenges like COVID-19. Medical cloud computing is a promising method since it can make healthcare costs lower. The computation of health data is outsourced to the cloud server. If the encrypted medical data is not decrypted, it is difficult to search for those data. Many researchers have worked on searchable encryption schemes that allow executing searches on encrypted data. However, many existing works support single-keyword search. In this article, we propose a patient-centered fine-grained attribute-based encryption scheme with multi-keyword search (CP-ABEMKS) for medical cloud computing. First, we leverage the ciphertext-policy attribute-based technique to construct trapdoors. Then, we give a security analysis. Besides, we provide a performance evaluation, and the experiments demonstrate the efficiency and practicality of the proposed CP-ABEMKS.

Mobile data offloading using opportunistic network has recently gained its significance to increase mobile data needs. Such offloaders need to be properly incentivized to encourage more and more users to act as helpers in such networks. The extent of help offered by mobile data offloading alternatives using appropriate incentive mechanisms is significant in such scenarios. The limitation of existing incentive mechanisms is that they are partial in implementation while most of them use third party intervention based derivation. However, none of the papers considers trust as an essential factor for incentive distribution. Although few works contribute to the trust analysis, but the implementation is limited to offloading determination only while the incentive is independent of trust. We try to investigate if trust could be related to the Nash equilibrium based incentive evaluation. Our analysis results show that trust-based incentive distribution encourages more than 50% offloaders to act positively and contribute successfully towards efficient mobile data offloading. We compare the performance of our algorithm with literature based salary-bonus scheme implementation and get optimum incentive beyond 20% dependence over trust-based output.

In the Ubiquitous Electric Internet of Things (UEIoT), the terminals are very easy to be accessed and attacked by attackers due to the lack of effective monitoring and safe isolation methods. Therefore, in the implementation of UEIoT, the security protection of terminals is particularly important. Therefore, this paper proposes a dual-system design scheme for terminal active immunity based on trusted computing. In this scheme, the terminal node in UEIoT is composed of two parts: computing part and trusted protection part. The computing component and the trusted protection component are logically independent of each other, forming a trusted computing active immune dual-system structure with both computing and protection functions. The Trusted Network Connection extends the trusted state of the terminal to the network, thus providing a solution for terminal secure access in the UEIoT.

The precise integrative control between the stereoscopic image and the tactile feedback is very essential in augmented reality[1]-[4]. In order to study this question, this paper will introduce a stereoscopic-imaging and tactile integrative augmented-reality system, and a stereoscopic-imaging and tactile integrative algorithm. The system includes a stereoscopic-imaging part and a string-based tactile part. The integrative algorithm is used to precisely control the interaction between the two parts. The results for testing the system and the algorithm demonstrate the system to be perfect through 5 testers' operation and will be presented in the last part of the paper.

With the development of business, management companies are currently facing a series of problems and challenges in terms of resource allocation and task management. In terms of the technical route, this research will use cloud services to implement the public honesty system, and carry out secondary development and interface development on this basis, the architecture design and the formulation of the process are realized for various types, relying on the support of the knowledge base and case library, through the system intelligent configuration corresponding work instructions, safety work instructions, case references and other reference information to the existing work plan to provide managers Reference; managers can configure and adjust the work content by themselves through specific requirements to efficiently and flexibly adapt to the work content.

A synthetic aperture radar (SAR) target detection method based on the fusion of multiscale superpixel segmentations is proposed in this paper. SAR images are segmented between land and sea firstly by using superpixel technology in different scales. Secondly, image segmentation results together with the constant false alarm rate (CFAR) detection result are coalesced. Finally, target detection is realized by fusing different scale results. The effectiveness of the proposed algorithm is tested on Sentinel-1A data.

On the current website, there are many undeniable conditions and there is the existence of new plot holes. If data link is normally extracted on each of the websites, it becomes difficult to evaluate each vulnerability, with tolls such as XS S, SQLI, and other such existing tools for vulnerability assessment. Integrated testing criteria for vulnerabilities are met. In addition, the response should be automated and systematic. The primary value of vulnerability Buffer will be made of predefined and self-formatted code written in python, and the software is automated to send reports to their respective users. The vulnerabilities are tried to be classified as accessible. OWASP is the main resource for developing and validating web security processes.

Online detection of anomalies is crucial to enhancing the reliability and resiliency of power systems. We propose a novel data-driven online event detection algorithm with synchrophasor data using graph signal processing. In addition to being extremely scalable, our proposed algorithm can accurately capture and leverage the spatio-temporal correlations of the streaming PMU data. This paper also develops a general technique to decouple spatial and temporal correlations in multiple time series. Finally, we develop a unique framework to construct a weighted adjacency matrix and graph Laplacian for product graph. Case studies with real-world, large-scale synchrophasor data demonstrate the scalability and accuracy of our proposed event detection algorithm. Compared to the state-of-the-art benchmark, the proposed method not only achieves higher detection accuracy but also yields higher computational efficiency.

The personal health record has been shared and preserved easily with cloud core storage. Privacy and security have been one of the main demerits of core CloudHealthData storage. By increasing the security concerns in this paper experimented Operative Access Regulator for Attribute Based Generalized Signcryption Using rough set theory. By using rough set theory, the classifications of the attribute have been improved as well as the compulsory attribute has been formatted for decrypting process by using reduct and core. The Generalized signcryption defined priority wise access to diminish the cost and rise the effectiveness of the proposed model. The PHR has been stored under the access priorities of Signature only, encryption only and signcryption only mode. The proposed ABGS performance fulfills the secrecy, authentication and also other security principles.

The goal of this project is to create a realistic VR experience of solitary confinement and study its impact on users. Although there have been active debates and studies on this subject, very few people have personal experience of solitary confinement. Our first aim is to create such an experience in VR to raise the awareness of solitary confinement. We also want to conduct user studies to compare the VR solitary confinement experience with other types of media experiences, such as films or personal narrations. Finally, we want to study people’s sense of time in such a VR environment.

To achieve a fine-grained access control function and guarantee the data confidentiality in the cloud storage environment, ciphertext policy attribute-based encryption (CP-ABE) has been widely implemented. However, due to the high computation and communication overhead, the nature of CP-ABE mechanism makes it difficult to be adopted in resource constrained terminals. Furthermore, the way of realizing varying levels of undo operations remains a problem. To this end, the access matrix that satisfies linear secret sharing scheme (LSSS) was optimized with Cauchy matrix, and then a user-level revocation scheme based on Chinese Remainder Theorem was proposed. Additionally, the attribute level revocation scheme which is based on the method of key encrypt key (KEK) and can help to reduce the storage overhead has also been improved.

With the progressive development of web applications and the urgent requirement of web security, vulnerability scanner has been particularly emphasized, which is regarded as a fundamental component for web security assurance. Various scanners are developed with the intention of that discovering the possible vulnerabilities in advance to avoid malicious attacks. However, most of them only focus on the vulnerability detection with single target, which fail in satisfying the efficiency demand of users. In this paper, an effective web vulnerability scanner that integrates the information collection with the vulnerability detection is proposed to verify whether the target web application is vulnerable or not. The experimental results show that, by guiding the detection process with the useful collected information, our tool achieves great web vulnerability detection capability with a large scanning scope.

Automatic vulnerability detection is challenging. In this paper, we report our in-progress work of vulnerability prediction based on graph neural network (GNN). We propose a general GNN-based framework for predicting the vulnerabilities in program functions. We study the different instantiations of the framework in representative program graph representations, initial node encodings, and GNN learning methods. The preliminary experimental results on a representative benchmark indicate that the GNN-based method can improve the accuracy and recall rates of vulnerability prediction.