Biblio

The extensive use of information and communication technologies in power grid systems make them vulnerable to cyber-attacks. One class of cyber-attack is advanced persistent threats where highly skilled attackers can steal user authentication information's and then move laterally in the network, from host to host in a hidden manner, until they reach an attractive target. Once the presence of the attacker has been detected in the network, appropriate actions should be taken quickly to prevent the attacker going deeper. This paper presents a game theoretic approach to optimize the defense against an invader attempting to use a set of known vulnerabilities to reach critical nodes in the network. First, the network is modeled as a vulnerability multi-graph where the nodes represent physical hosts and edges the vulnerabilities that the attacker can exploit to move laterally from one host to another. Secondly, a two-player zero-sum Markov game is built where the states of the game represent the nodes of the vulnerability multi-graph graph and transitions correspond to the edge vulnerabilities that the attacker can exploit. The solution of the game gives the optimal strategy to disconnect vulnerable services and thus slow down the attack.

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection of malware command and control channels could help prevent further malicious activity by cyber criminals using the malware. Detection of malware in network traffic is traditionally carried out by identifying specific patterns in packet payloads. Now bot writers encrypt the command and control payloads, making pattern recognition a less effective form of detection. This paper focuses instead on an effective anomaly based detection technique for bot and advanced persistent threats using a data mining approach combined with applied classification algorithms. After additional tuning, the final test on an unseen dataset, false positive rates of 0% with malware detection rates of 100% were achieved on two examined malware threats, with promising results on a number of other threats.

We introduce a novel mathematical model that treats network security as a game between cyber attackers and network administrators. The model takes the form of a zero-sum repeated game where each sub-game corresponds to a possible state of the attacker. Our formulation views state as the set of compromised edges in a graph opposed to the more traditional node-based view. This provides a more expressive model since it allows the defender to anticipate the direction of attack. Both players move independently and in continuous time allowing for the possibility of one player moving several times before the other does. This model shows that defense-in-depth is not always a rational strategy for budget constrained network administrators. Furthermore, a defender can dissuade a rational attacker from attempting to attack a network if the defense budget is sufficiently high. This means that a network administrator does not need to make their system completely free of vulnerabilities, they only to ensure the penalties for being caught outweigh the potential rewards gained.

Cloud storage is vulnerable to advanced persistent threats (APTs), in which an attacker launches stealthy, continuous, well-funded and targeted attacks on storage devices. In this paper, cumulative prospect theory (CPT) is applied to study the interactions between a defender of cloud storage and an APT attacker when each of them makes subjective decisions to choose the scan interval and attack interval, respectively. Both the probability weighting effect and the framing effect are applied to model the deviation of subjective decisions of end-users from the objective decisions governed by expected utility theory, under uncertain attack durations. Cumulative decision weights are used to describe the probability weighting effect and the value distortion functions are used to represent the framing effect of subjective APT attackers and defenders in the CPT-based APT defense game, rather than discrete decision weights, as in earlier prospect theoretic study of APT defense. The Nash equilibria of the CPT-based APT defense game are derived, showing that a subjective attacker becomes risk-seeking if the frame of reference for evaluating the utility is large, and becomes risk-averse if the frame of reference for evaluating the utility is small.

Advanced Persistent Threats are increasingly becoming one of the major concerns to many industries and organizations. Currently, there exists numerous articles and industrial reports describing various case studies of recent notable Advanced Persistent Threat attacks. However, these documents are expressed in natural language. This limits the efficient reusability of the threat intelligence information due to ambiguous nature of the natural language. In this article, we propose a model to formally represent Advanced Persistent Threats as multi-agent systems. Our model is inspired by the concepts of agent-oriented social modelling approaches, generally used for software security requirement analysis.

Route planner systems support commuters and city visitors in finding the best route between two arbitrary points. More advanced route planners integrate different transportation modes such as private transport, public transport, car- and bicycle sharing or walking and are able combine these to multi-modal routes. Nevertheless, state-of-the-art planner systems usually do not consider the users' personal preferences or the wisdom of the crowd when suggesting multi-modal routes. Including the knowledge and experience of locals who are familiar with local transport allows identification of alternative routes which are, for example, less crowded during peak hours. Collaborative filtering (CF) is a technique that allows recommending items such as multi-modal routes based on the ratings of users with similar preferences. In this paper, we introduce RouteMe, a mobile recommender system for personalized, multi-modal routes which combines CF with knowledge-based recommendations to increase the quality of route recommendations. We present our hybrid algorithm in detail and show how we integrate it in a working prototype. The results of a user study show that our prototype combining CF, knowledge-based and popular route recommendations outperforms state-of-the-art route planners.

Approximate Computing aims at trading off computational accuracy against improvements regarding performance, resource utilization and power consumption by making use of the capability of many applications to tolerate a certain loss of quality. A key issue is the dependency of the impact of approximation on the input data as well as user preferences and environmental conditions. In this context, we therefore investigate the concept of self-adaptive image processing that is able to autonomously adapt 2D-convolution filter operators of different accuracy degrees by means of partial reconfiguration on Field-Programmable-Gate-Arrays (FPGAs). Experimental evaluation shows that the dynamic system is able to better exploit a given error tolerance than any static approximation technique due to its responsiveness to changes in input data. Additionally, it provides a user control knob to select the desired output quality via the metric threshold at runtime.

This paper introduces an efficient and robust method that segments long motion capture data into distinct behaviors. The method is unsupervised, and is fully automatic. We first apply spectral clustering on motion affinity matrix to get a rough segmentation. We combined two statistical filters to remove the noises and get a good initial guess on the cut points as well as on the number of segments. Then, we analyzed joint usage information within each rough segment and recomputed an adaptive affinity matrix for the motion. Applying spectral clustering again on this adaptive affinity matrix produced a robust and accurate segmentation compared with the ground-truth. The experiments showed that the proposed approach outperformed the available methods on the CMU Mocap database.

Though the GNSS receiver baseband signal processing realizes more precise estimation by using Kalman Filter, traditional KF-based tracking loops estimate code phase and carrier frequency simultaneously by a single filter. In this case, the error of code phase estimate can affect the carrier frequency tracking loop, which is vulnerable than code tracking loop. This paper presents a tracking architecture based on dual filter. Filters can performing code locking and carrier tracking respectively, hence, the whole tracking loop ultimately avoid carrier tracking being subjected to code tracking errors. The control system is derived according to the mathematical expression of the Kalman system. Based on this model, the transfer function and equivalent noise bandwidth are derived in detail. As a result, the relationship between equivalent noise bandwidth and Kalman gain is presented. Owing to this relationship, the equivalent noise bandwidth for a well-designed tracking loop can adjust automatically with the change of environments. Finally, simulation and performance analysis for this novel architecture are presented. The simulation results show that dual Kalman filters can restrain phase noise more effectively than the loop filter of the classical GNSS tracking channel, therefore this whole system seems more suitable to working in harsh environments.

Visual Tracking methods based on particle filter framework uses frequently the state space information of the target object to calculate the observation model, However this often gives a poor estimate if unexpected motions happen, or under conditions of cluttered backgrounds illumination changes, because the model explores the state space without any additional information of current state. In order to avoid the tracking failure, we address in this paper, Particle filter based visual tracking, in which the target appearance model is represented through an adaptive conjunction of color histogram, and space based appearance combining with velocity parameters, then the appearance models is estimated using particles whose weights, are incrementally updated for dynamic adaptation of the cue parametrization.

Recommender systems are typically evaluated on their ability to provide items that satisfy the needs and interests of the end user. However, in many real world applications, users are not the only stakeholders involved. There may be a variety of individuals or organizations that benefit in different ways from the delivery of recommendations. In this paper, we re-define the recommender system as a multistakeholder environment in which different stakeholders are served by delivering recommendations, and we suggest a utility-based approach to evaluating recommendations in such an environment that is capable of distinguishing among the distributions of utility delivered to different stakeholders.

Long-term tracking is one of the most challenging problems in computer vision. During long-term tracking, the target object may suffer from scale changes, illumination changes, heavy occlusions, out-of-view, etc. Most existing tracking methods fail to handle object invisibility, supposing that the object is always visible throughout the image sequence. In this paper, a novel long-term tracking method is proposed, which mainly addresses the problem of object invisibility. We combine a correlation filter based tracker with an online classifier, aiming to estimate the object state and re-detect the object after its invisibility. In addition, an adaptive updating scheme is proposed for the appearance model of the object considering both visible and invisible situations. Quantitative and qualitative evaluations prove that our algorithm outperforms the state-of-the-art methods on the 20 benchmark sequences with object invisibility. Furthermore, the proposed algorithm achieves competitive performance with the state-of-the-art trackers on Object Tracking Benchmark which covers various challenging aspects in object tracking.

Information shared on Twitter is ever increasing and users-recipients are overwhelmed by the number of tweets they receive, many of which of no interest. Filters that estimate the interest of each incoming post can alleviate this problem, for example by allowing users to sort incoming posts by predicted interest (e.g., "top stories" vs. "most recent" in Facebook). Global and personal filters have been used to detect interesting posts in social networks. Global filters are trained on large collections of posts and reactions to posts (e.g., retweets), aiming to predict how interesting a post is for a broad audience. In contrast, personal filters are trained on posts received by a particular user and the reactions of the particular user. Personal filters can provide recommendations tailored to a particular user's interests, which may not coincide with the interests of the majority of users that global filters are trained to predict. On the other hand, global filters are typically trained on much larger datasets compared to personal filters. Hence, global filters may work better in practice, especially with new users, for which personal filters may have very few training instances ("cold start" problem). Following Uysal and Croft, we devised a hybrid approach that combines the strengths of both global and personal filters. As in global filters, we train a single system on a large, multi-user collection of tweets. Each tweet, however, is represented as a feature vector with a number of user-specific features.

We address the problem of object tracking in an underwater acoustic sensor network in which distributed nodes measure the strength of field generated by moving objects, encode the measurements into digital data packets, and transmit the packets to a fusion center in a random access manner. We allow for imperfect communication links, where information packets may be lost due to noise and collisions. The packets that are received correctly are used to estimate the objects' trajectories by employing an extended Kalman Filter, where provisions are made to accommodate a randomly changing number of obseravtions in each iteration. An adaptive rate control scheme is additionally applied to instruct the sensor nodes on how to adjust their transmission rate so as to improve the location estimation accuracy and the energy efficiency of the system. By focusing explicitly on the objects' locations, rather than working with a pre-specified grid of potential locations, we resolve the spatial quantization issues associated with sparse identification methods. Finally, we extend the method to address the possibility of objects entering and departing the observation area, thus improving the scalability of the system and relaxing the requirement for accurate knowledge of the objects' initial locations. Performance is analyzed in terms of the mean-squared localization error and the trade-offs imposed by the limited communication bandwidth.

This paper presents a quantitative study of adaptive filtering to cancel the EMG artifact from ECG signals. The proposed adaptive algorithm operates in real time; it adjusts its coefficients simultaneously with signals acquisition minimizing a cost function, the summation of weighted least square errors (LSE). The obtained results prove the success and the effectiveness of the proposed algorithm. The best ones were obtained for the forgetting factor equals to 0.99 and the regularization parameter equals to 0.02..

We present a gradient-based attack against SVM-based forensic techniques relying on high-dimensional SPAM features. As opposed to prior work, the attack works directly in the pixel domain even if the relationship between pixel values and SPAM features can not be inverted. The proposed method relies on the estimation of the gradient of the SVM output with respect to pixel values, however it departs from gradient descent methodology due to the necessity of preserving the integer nature of pixels and to reduce the effect of the attack on image quality. A fast algorithm to estimate the gradient is also introduced to reduce the complexity of the attack. We tested the proposed attack against SVM detection of histogram stretching, adaptive histogram equalization and median filtering. In all cases the attack succeeded in inducing a decision error with a very limited distortion, the PSNR between the original and the attacked images ranging from 50 to 70 dBs. The attack is also effective in the case of attacks with Limited Knowledge (LK) when the SVM used by the attacker is trained on a different dataset with respect to that used by the analyst.

Visual object tracking is challenging when the object appearances occur significant changes, such as scale change, background clutter, occlusion, and so on. In this paper, we crop different sizes of multiscale templates around object and input these multiscale templates into network to pretrain the network adaptive the size change of tracking object. Different from previous the tracking method based on deep convolutional neural network (CNN), we exploit deep Residual Network (ResNet) to offline train a multiscale object appearance model on the ImageNet, and then the features from pretrained network are transferred into tracking tasks. Meanwhile, the proposed method combines the multilayer convolutional features, it is robust to disturbance, scale change, and occlusion. In addition, we fuse multiscale search strategy into three kernelized correlation filter, which strengthens the ability of adaptive scale change of object. Unlike the previous methods, we directly learn object appearance change by integrating multiscale templates into the ResNet. We compared our method with other CNN-based or correlation filter tracking methods, the experimental results show that our tracking method is superior to the existing state-of-the-art tracking method on Object Tracking Benchmark (OTB-2015) and Visual Object Tracking Benchmark (VOT-2015).

The Information Centric Networking (ICN) is a novel concept of a large scale ecosystem of wireless actuators and computing technologies. ICN technologies are getting popular in the development of various applications to bring day-to-day comfort and ease in human life. The e-healthcare monitoring services is a subset of ICN services which has been utilized to monitor patient's health condition in a smart and ubiquitous way. However, there are several challenges and attacks on ICN. In this paper we have discussed ICN attacks and ICN based healthcare scenario. We have proposed a novel ICN stack for healthcare scenario for securing biomedical data communication instead of communication networks. However, the biomedical data communication between patient and Doctor requires reliable and secure networks for the global access.

Smart Internet of Things (IoT) applications will rely on advanced IoT platforms that not only provide access to IoT sensors and actuators, but also provide access to cloud services and data analytics. Future IoT platforms should thus provide connectivity and intelligence. One approach to connecting IoT devices, IoT networks to cloud networks and services is to use network federation mechanisms over the internet to create network slices across heterogeneous platforms. Network slices also need to be protected from potential external and internal threats. In this paper we describe an approach for enforcing global security policies in the federated cloud and IoT networks. Our approach allows a global security to be defined in the form of a single service manifest and enforced across all federation network segments. It relies on network function virtualisation (NFV) and service function chaining (SFC) to enforce the security policy. The approach is illustrated with two case studies: one for a user that wishes to securely access IoT devices and another in which an IoT infrastructure administrator wishes to securely access some remote cloud and data analytics services.

In this paper, cyber physical system is analyzed from security perspective. A double closed-loop security control structure and algorithm with defense functions is proposed. From this structure, the features of several cyber attacks are considered respectively. By this structure, the models of information disclosure, denial-of-service (DoS) and Man-in-the-Middle Attack (MITM) are proposed. According to each kind attack, different models are obtained and analyzed, then reduce to the unified models. Based on this, system security conditions are obtained, and a defense scenario with detail algorithm is design to illustrate the implementation of this program.

Security of control systems have become a new and important field of research since malicious attacks on control systems indeed occurred including Stuxnet in 2011 and north eastern electrical grid black out in 2003. Attacks on sensors and/or actuators of control systems cause malfunction, instability, and even system destruction. The impact of attack may differ by which instrumentation (sensors and/or actuators) is being attacked. In particular, for control systems with multiple sensors, attack on each sensor may have different impact, i.e., attack on some sensors leads to a greater damage to the system than those for other sensors. To investigate this, we consider sensor bias injection attacks in linear control systems equipped with anomaly detector, and quantify the maximum impact of attack on sensors while the attack remains undetected. Then, we introduce a notion of sensor security index for linear dynamic systems to quantify the vulnerability under sensor attacks. Method of reducing system vulnerability is also discussed using the notion of sensor security index.

The wireless spectrum is a scarce resource, and the number of wireless terminals is constantly growing. One way to mitigate this strong constraint for wireless traffic is the use of dynamic mechanisms to utilize the spectrum, such as cognitive and software-defined radios. This is especially important for the upcoming wireless sensor and actuator networks in aircraft, where real-time guarantees play an important role in the network. Future wireless networks in aircraft need to be scalable, cater to the specific requirements of avionics (e.g., standardization and certification), and provide interoperability with existing technologies. In this paper, we demonstrate that dynamic network reconfigurability is a solution to the aforementioned challenges. We supplement this claim by surveying several flexible approaches in the context of wireless sensor and actuator networks in aircraft. More specifically, we examine the concept of dynamic resource management, accomplished through more flexible transceiver hardware and by employing dedicated spectrum agents. Subsequently, we evaluate the advantages of cross-layer network architectures which overcome the fixed layering of current network stacks in an effort to provide quality of service for event-based and time-triggered traffic. Lastly, the challenges related to implementation of the aforementioned mechanisms in wireless sensor and actuator networks in aircraft are elaborated, and key requirements to future research are summarized.

Zero dynamics attack is lethal to cyber-physical systems in the sense that it is stealthy and there is no way to detect it. Fortunately, if the given continuous-time physical system is of minimum phase, the effect of the attack is negligible even if it is not detected. However, the situation becomes unfavorable again if one uses digital control by sampling the sensor measurement and using the zero-order-hold for actuation because of the `sampling zeros.' When the continuous-time system has relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros (even if the continuous-time system is of minimum phase), so that the cyber-physical system becomes vulnerable to `sampling zero dynamics attack.' In this paper, we begin with its demonstration by a few examples. Then, we present an idea to protect the system by allocating those discrete-time zeros into stable ones. This idea is realized by employing the so-called `generalized hold' which replaces the zero-order-hold.

Internet of Things (IoT) devices are resource constrained devices in terms of power, memory, bandwidth, and processing. On the other hand, multicast communication is considered more efficient in group oriented applications compared to unicast communication as transmission takes place using fewer resources. That is why many of IoT applications rely on multicast in their transmission. This multicast traffic need to be secured specially for critical applications involving actuators control. Securing multicast traffic by itself is cumbersome as it requires an efficient and scalable Group Key Management (GKM) protocol. In case of IoT, the situation is more difficult because of the dynamic nature of IoT scenarios. This paper introduces a solution based on using context aware security server accompanied with a group of key servers to efficiently distribute group encryption keys to IoT devices in order to secure the multicast sessions. The proposed solution is evaluated relative to the Logical Key Hierarchy (LKH) protocol. The comparison shows that the proposed scheme efficiently reduces the load on the key servers. Moreover, the key storage cost on both members and key servers is reduced.

This paper addresses the problem of state estimation of a linear time-invariant system when some of the sensors or/and actuators are under adversarial attack. In our set-up, the adversarial agent attacks a sensor (actuator) by manipulating its measurement (input), and we impose no constraint on how the measurements (inputs) are corrupted. We introduce the notion of ``sparse strong observability'' to characterize systems for which the state estimation is possible, given bounds on the number of attacked sensors and actuators. Furthermore, we develop a secure state estimator based on Satisfiability Modulo Theory (SMT) solvers.