Biblio

With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.

Arbitrary style transfer refers to generate a new image based on any set of existing images. Meanwhile, the generated image retains the content structure of one and the style pattern of another. In terms of content retention and style transfer, the recent arbitrary style transfer algorithms normally perform well in one, but it is difficult to find a trade-off between the two. In this paper, we propose the Deep Content Guidance Network (DCGN) which is stacked by content guidance (CG) layers. And each CG layer involves one position self-attention (pSA) module, one channel self-attention (cSA) module and one content guidance attention (cGA) module. Specially, the pSA module extracts more effective content information on the spatial layout of content images and the cSA module makes the style representation of style images in the channel dimension richer. And in the non-local view, the cGA module utilizes content information to guide the distribution of style features, which obtains a more detailed style expression. Moreover, we introduce a new permutation loss to generalize feature expression, so as to obtain abundant feature expressions while maintaining content structure. Qualitative and quantitative experiments verify that our approach can transform into better stylized images than the state-of-the-art methods.

In the multivariable fault diagnosis of industrial process, due to the existence of correlation between variables, the result of fault diagnosis will inevitably appear "smearing" effect. Although the fault diagnosis method based on the contribution of multi-dimensional reconstruction is helpful when multiple faults occur. But in order to correctly isolate all the fault variables, this method will become very inefficient due to the combination of variables. In this paper, a fault diagnosis method based on kNN and MRBC is proposed to fundamentally avoid the corresponding influence of "smearing", and a fast variable selection strategy is designed to accelerate the process of fault isolation. Finally, simulation study on a benchmark process verifies the effectiveness of the method, in comparison with the traditional method represented by FDA-based method.

Unforeseen situations on the shopfloor cause the assembly process to divert from its expected progress. To be able to overcome these deviations in a timely manner, assembly process monitoring and early deviation detection are necessary. However, legal regulations and union policies often limit the direct monitoring of human-intensive assembly processes. Grounded in an industry use case, this paper outlines a novel approach that, based on indirect privacy-respecting monitored data from the shopfloor, enables the near real-time detection of multiple types of process deviations. In doing so, this paper specifically addresses uncertainties stemming from indirect shopfloor observations and how to reason in their presence.

Fuzzing is a promising method for discovering vulnerabilities. Recently, various techniques are developed to improve the efficiency of fuzzing, and impressive gains are observed in evaluation results. However, evaluation is complex, as many factors affect the results, for example, test suites, baseline and metrics. Even more, most experiment setups are lab-oriented, lacking industrial settings such as large code-base and parallel runs. The correlation between the academic evaluation results and the bug-finding ability in real industrial settings has not been sufficiently studied. In this paper, we test representative fuzzing techniques to reveal their efficiency in industrial settings. First, we apply typical fuzzers on academic widely used small projects from LAVAM suite. We also apply the same fuzzers on large practical projects from Google's fuzzer-test-suite, which is rarely used in academic settings. Both experiments are performed in both single and parallel run. By analyzing the results, we found that most optimizations working well on LAVA-M suite fail to achieve satisfying results on Google's fuzzer-test-suite (e.g. compared to AFL, QSYM detects 82x more synthesized bugs in LAVA-M, but only detects 26% real bugs in Google's fuzzer-test-suite), and the original AFL even outperforms most academic optimization variants in industry widely used parallel runs (e.g. AFL covers 13% more paths than AFLFast). Then, we summarize common pitfalls of those optimizations, analyze the corresponding root causes, and propose potential directions such as orchestrations and synchronization to overcome the problems. For example, when running in parallel on those large practical projects, the proposed horizontal orchestration could cover 36%-82% more paths, and discover 46%-150% more unique crashes or bugs, compared to fuzzers such as AFL, FairFuzz and QSYM.

We study communication systems based on chaotic time-delayed feedback generator. The aim of the study is a comparative assessment of the noise immunity for the four different communication systems at the same levels of the external noise. It is shown that the principle of correlation receiver, which is used in classical communication systems, can be also used in the case where chaotic signals generated by self-oscillating systems with complex behavior are used as reference signals. Systems based on the correlation receiver principles have very high immunity to the external noise.

Background: Researchers and practitioners have been using code complexity metrics for decades to predict how developers comprehend a program. While it is plausible and tempting to use code metrics for this purpose, their validity is debated, since they rely on simple code properties and rarely consider particularities of human cognition. Aims: We investigate whether and how code complexity metrics reflect difficulty of program comprehension. Method: We have conducted a functional magnetic resonance imaging (fMRI) study with 19 participants observing program comprehension of short code snippets at varying complexity levels. We dissected four classes of code complexity metrics and their relationship to neuronal, behavioral, and subjective correlates of program comprehension, overall analyzing more than 41 metrics. Results: While our data corroborate that complexity metrics can-to a limited degree-explain programmers' cognition in program comprehension, fMRI allowed us to gain insights into why some code properties are difficult to process. In particular, a code's textual size drives programmers' attention, and vocabulary size burdens programmers' working memory. Conclusion: Our results provide neuro-scientific evidence supporting warnings of prior research questioning the validity of code complexity metrics and pin down factors relevant to program comprehension. Future Work: We outline several follow-up experiments investigating fine-grained effects of code complexity and describe possible refinements to code complexity metrics.

In most correlation filter target tracking algorithms, poor accuracy in the tracking process for complex field images of the target and scale change problems. To address these issues, this paper proposes an algorithm of adaptive multi-feature fusion with scale change correlation filtering tracking. Our algorithm is based on the rapid and simple Kernel-Correlated Filtering(K CF) tracker, and achieves the complementarity among image features by fusing multiple features of Color Nmae(CN), Histogram of Oriented Gradient(HOG) and Local Binary Pattern(LBP) with weights adjusted by visual evaluation functions. The proposed algorithm introduces scale pooling and bilinear interpolation to adjust the target template size. Experiments on the OTB-2015 dataset of 100 video frames are compared with several trackers, and the precision and success ratio of our algorithm on complex scene tracking problems are 17.7% and 32.1 % respectively compared to the based-KCF.

Adaptive feedback cancellation (AFC) method is widely adopted for the purpose of reducing the adverse effects of acoustic feedback on the sound reinforcement systems. However, since the existence of forward path results in the correlation between the source signal and the feedback signal, the source signal is mistakenly considered as the feedback signal to be eliminated by adaptive filter when it is colored, which leads to a inaccurate prediction of the acoustic feedback signal. In order to solve this problem, prediction error method is introduced in this paper to remove the correlation between the source signal and the feedback signal. Aiming at the dilemma of Modified Least Mean Square (MLMS) algorithm in choosing between prediction speed and prediction accuracy, an improved MLMS algorithm with a variable step-size scheme is proposed. Simulation examples are applied to show that the proposed algorithm can obtain more accurate prediction of acoustic feedback signal in a shorter time than the MLMS algorithm.

In recent years, one of the important and interesting tasks has become the protection of civilian and military objects from unmanned aerial vehicles (UAVs) carrying a potential threat. To solve this problem, it is required to detect UAVs and activate protective systems. UAVs can be represented as aerodynamic objects of the monoplane or multicopter type with acoustic fingerprints. In this paper we consider algorithm for UAV acoustic detection and recognition system. Preliminary results of analysis of experimental data show effectiveness of proposed approach.

Nowadays energy systems in many countries improve and develop being based on the concept of deep integration of energy as well as infocomm grids. Thus, energy grids find the possibility to analyze the state of the whole system in real time, to predict the processes in it, to have interactive cooperation with the clients and to run the appliance. Such concept has been named Smart Grid. This work highlights the concept of Smart Grid, possible vectors of attacks and identification of attack of false data injection (FDI) into the flow of measuring received from the sensors. Identification is based on the use of spatial and temporal correlations in Smart Grids.

Summary form only given, as follows. The complete presentation was not made available for publication as part of the conference proceedings. Banking, defence applications and cryptosystems often demand security features, including cryptography, tamper resistance, stealth, and etc., by means of hardware approaches and/or software approaches to prevent data leakages. The hardware physical attacks or commonly known as side channel attacks have been employed to extract the secret keys of the encrypted algorithms implemented in hardware devices by analyzing their physical parameters such as power dissipation, electromagnetic interference and timing information. Altered functions or unauthorized modules may be added to the circuit design during the shipping and manufacturing process, bringing in security threats to the deployed systems. In this presentation, we will discuss hardware assurance from both device level and circuit level, and present how machine learning techniques can be utilized. At the device level, we will first provide an overview of the different cryptography algorithms and present the side channel attacks, particularly the powerful Correlation Power Analysis (CPA) and Correlation Electromagnetic Analysis (CEMA) with a leakage model that can be used to reveal the secret keys of the cryptosystems. We will then discuss several countermeasure techniques and present how highly secured microchips can be designed based on these techniques. At the circuit level, we will provide an overview of manufactured IC circuit analysis through invasive IC delayering and imaging. We then present several machine learning techniques that can be efficiently applied to the retrieval of circuit contact points and connections for further netlist/functional analysis.

The identification of spectrum opportunities is a pivotal requirement for efficient spectrum utilization in cognitive radio systems. Spectrum prediction offers a convenient means for revealing such opportunities based on the previously obtained occupancies. As spectrum occupancy states are correlated over time, spectrum prediction is often cast as a predictable time-series process using classical or deep learning-based models. However, this variety of methods exploits time-domain correlation and overlooks the existing correlation over frequency. In this paper, differently from previous works, we investigate a more realistic scenario by exploiting correlation over time and frequency through a 2D-long short-term memory (LSTM) model. Extensive experimental results show a performance improvement over conventional spectrum prediction methods in terms of accuracy and computational complexity. These observations are validated over the real-world spectrum measurements, assuming a frequency range between 832-862 MHz where most of the telecom operators in Turkey have private uplink bands.

The paper addresses the issue of providing information security to wireless sensor networks using Security Information and Event Management (SIEM) methodology along with multi-agent approach. The concept of wireless sensor networks and providing their information security, including construction of SIEM system architecture, SIEM analysis methodologies and its main features, are considered. The proposed approach is to integrate SIEM system methodology with a multi-agent architecture which includes data collecting agents, coordinating agent (supervisor) and local Intrusion Detection Systems (IDSs) based on artificial immune system mechanisms. Each IDS is used as an agent that performs a primary analysis and sends information about suspicious activity to the server. The server performs correlation analysis, identifies the most significant incidents, and helps to prioritize the incident response. The presented results of computational experiments confirm the effectiveness of the proposed approach.

False data injection attack (FDIA) is a real threat to smart grids due to its wide range of vulnerabilities and impacts. Designing a proper detection scheme for FDIA is the 1stcritical step in defending the attack in smart grids. In this paper, we investigate two main statistical techniques-based approaches in this regard. The first is based on the principal component analysis (PCA), and the second is based on the canonical correlation analysis (CCA). The test cases illustrate a better characterization performance of FDIA using CCA compared to the PCA. Further, CCA provides a better differentiation of FDIA from normal grid contingencies. On the other hand, PCA provides a significantly reduced false alarm rate.

The internal structure of the flexible-DC transformer is complicated and the lack of a reliable vibration calculation model limits the application of the vibration analysis method in the fault diagnosis of the flexible-DC transformer. In response to this problem, this paper analyzes the correlation between the vibration signals of multiple measuring points and establishes a ``black box'' model of transformer vibration detection. Using the correlation analysis of multiple measuring points and BP neural network, a ``black box'' model that simulates the internal vibration transmission relationship of the transformer is established. The vibration signal of the multiple measuring points can be used to calculate the vibration signal of the target measuring point under specific working conditions. This can provide effective information for fault diagnosis and judgment of the running status of the flexible-DC transformer.

Current programming models for developing Internet of Things (IoT) applications are logically centralized and ill-suited for most IoT applications. We contribute Protocols over Things, a decentralized programming model that represents an IoT application via a protocol between the parties involved and provides improved performance over network-level delivery guarantees.

With a massive amount of wireless sensor nodes in Internet of Things (IoT), it is difficult to establish key distribution and management mechanism for traditional encryption technology. Alternatively, the physical layer key generation technology is promising to implement in IoT, since it is based on the principle of information-theoretical security and has the advantage of low complexity. Most existing key generation schemes assume that eavesdropping channels are independent of legitimate channels, which may not be practical especially when eavesdropper nodes are near to legitimate nodes. However, this paper investigates key generation problems for a multi-relay wireless network in IoT, where the correlation between eavesdropping and legitimate channels are considered. Key generation schemes are proposed for both non-colluding and partially colluding eavesdroppers situations. The main idea is to divide the key agreement process into three phases: 1) we first generate a secret key by exploiting the difference between the random channels associated with each relay node and the eavesdropping channels; 2) another key is generated by integrating the residual common randomness associated with each relay pair; 3) the two keys generated in the first two phases are concatenated into the final key. The secrecy key performance of the proposed key generation schemes is also derived with closed-forms.

Encryption has become an important need for each and every data transmission. Large amount of delicate data is transferred regularly through different computer networks such as e-banking, email applications and file exchange. Cryptanalysis is study of analyzing the hidden information in the system. The process of cryptanalysis could be done by various features such as power, sound, electromagnetic radiation etc. Lightweight cryptography plays an important role in the IoT devices. It includes various appliances, vehicles, smart sensors and RFID-tags (RFID). PRESENT is one such algorithm, designed for resource constrained devices. This requires less memory and consumes less power. The project propounds a model in which the cryptographic keys are analyzed by the trace of power.

The privacy issue in data publication is critical and has been extensively studied. However, most of the existing works assume the data to be published is independent, i.e., the correlation among data is neglected. The correlation is unavoidable in data publication, which universally manifests intrinsic correlations owing to social, behavioral, and genetic relationships. In this paper, we investigate the privacy concern of data publication where deterministic and probabilistic correlations are considered, respectively. Specifically, (ε,δ)-multi-dimensional data-privacy (MDDP) is proposed to quantify the correlated data privacy. It characterizes the disclosure probability of the published data being jointly estimated with the correlation under a given accuracy. Then, we explore the effects of deterministic correlations on privacy disclosure. For deterministic correlations, it is shown that the successful disclosure rate with correlations increases compared to the one without knowing the correlation. Meanwhile, a closed-form solution of the optimal disclosure probability and the strict bound of privacy disclosure gain are derived. Extensive simulations on a real dataset verify our analytical results.

The dummy-based method has been commonly used to protect the users location privacy in location-based services, since it can provide precise results and generally do not rely on a third party or key sharing. However, the close spatiotemporal correlation between the consecutively reported locations enables the adversary to identify some dummies, which lead to the existing dummy-based schemes fail to protect the users location privacy completely. To address this limit, this paper proposes a new algorithm to produce dummy location by generating dummy trajectory, which naturally takes into account of the spatiotemporal correlation all round. Firstly, the historical trajectories similar to the user's travel route are chosen as the dummy trajectories which depend on the distance between two trajectories with the help of home gateway. Then, the dummy is generated from the dummy trajectory by taking into account of time reachability, historical query similarity and the computation of in-degree/out-degree. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the users real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the users location privacy effectively and efficiently.

The key feature of NDN is in-network caching that every router has its cache to store data for future use, thus improve the usage of the network bandwidth and reduce the network latency. However, in-network caching increases the security risks - cache pollution attacks (CPA), which includes locality disruption (ruining the cache locality by sending random requests for unpopular contents to make them popular) and False Locality (introducing unpopular contents in the router's cache by sending requests for a set of unpopular contents). In this paper, we propose a machine learning method, named Triangle Area Based Multivariate Correlation Analysis (TAB-MCA) that detects the cache pollution attacks in NDN. This detection system has two parts, the triangle-area-based MCA technique, and the threshold-based anomaly detection technique. The TAB-MCA technique is used to extract hidden geometrical correlations between two distinct features for all possible permutations and the threshold-based anomaly detection technique. This technique helps our model to be able to distinguish attacks from legitimate traffic records without requiring prior knowledge. Our technique detects locality disruption, false locality, and combination of the two with high accuracy. Implementation of XC-topology, the proposed method shows high efficiency in mitigating these attacks. In comparison to other ML-methods, our proposed method has a low overhead cost in mitigating CPA as it doesn't require attackers' prior knowledge. Additionally, our method can also detect non-uniform attack distributions.

Cloud computing provides an appearing application for compelling vision in managing big-data files and responding queries over a distributed cloud platform. To overcome privacy revealing risks, sensitive documents and private data are usually stored in the clouds in a cipher-based manner. However, it is inefficient to search the data in traditional encryption systems. Searchable encryption is a useful cryptographic primitive to enable users to retrieve data in ciphertexts. However, the traditional searchable encryptions provide lower search efficiency and cannot carry out fuzzy multikeyword queries. To solve this issue, in this article, we propose a searchable encryption that supports privacy-preserving fuzzy multikeyword search (SE-PPFM) in cloud systems, which is built by asymmetric scalar-product-preserving encryptions and Hadamard product operations. In order to realize the functionality of efficient fuzzy searches, we employ Word2vec as the primitive of machine learning to obtain a fuzzy correlation score between encrypted data and queries predicates. We analyze and evaluate the performance in terms of token of multikeyword, retrieval and match time, file retrieval time and matching accuracy, etc. The experimental results show that our scheme can achieve a higher efficiency in fuzzy multikeyword ciphertext search and provide a higher accuracy in retrieving and matching procedure.

In the application scenarios of cloud computing, big data, and mobile Internet, covert and diverse network attacks have become a serious problem that threatens the security of enterprises and personal information assets. Abnormal network behaviour detection based on network behaviour characteristics has become an important means to protect network security. However, existing frameworks do not make full use of the characteristics of the correlation between continuous network behaviours, and do not use an algorithm that can process time-series data or process the original feature set into time-series data to match the algorithm. This paper proposes a time-series abnormal network behaviour detection framework. The framework consists of two parts: an algorithm model (DBN-BiGRU) that combines Deep Belief Network (DBN) and Bidirectional Gated Recurrent Unit (BiGRU), and a pre-processing scheme that processes the original feature analysis files of CICIDS2017 to good time-series data. This detection framework uses past and future behaviour information to determine current behaviours, which can improve accuracy, and can adapt to the large amount of existing network traffic and high-dimensional characteristics. Finally, this paper completes the training of the algorithm model and gets the test results. Experimental results show that the prediction accuracy of this framework is as high as 99.82%, which is better than the traditional frameworks that do not use time-series information.

The algorithm of causal anomaly detection in industrial control physics is proposed to determine the normal cloud line of industrial control system so as to accurately detect the anomaly. In this paper, The causal modeling algorithm combining Maximum Information Coefficient and Transfer Entropy was used to construct the causal network among nodes in the system. Then, the abnormal nodes and the propagation path of the anomaly are deduced from the structural changes of the causal network before and after the attack. Finally, an anomaly detection algorithm based on hybrid differential cumulative is used to identify the specific anomaly data in the anomaly node. The stability of causality mining algorithm and the validity of locating causality anomalies are verified by using the data of classical chemical process. Experimental results show that the anomaly detection algorithm is better than the comparison algorithm in accuracy, false negative rate and recall rate, and the anomaly location strategy makes the anomaly source traceable.