Biblio

As one of the defensive solutions against cyberattacks, an Intrusion Detection System (IDS) plays an important role in observing the network state and alerting suspicious actions that can break down the system. There are many attempts of adopting Machine Learning (ML) in IDS to achieve high performance in intrusion detection. However, all of them necessitate a large amount of labeled data. In addition, labeling attack data is a time-consuming and expensive human-labor operation, it makes existing ML methods difficult to deploy in a new system or yields lower results due to a lack of labels on pre-trained data. To address these issues, we propose a semi-supervised IDS model that leverages Generative Adversarial Networks (GANs) and Adversarial AutoEncoder (AAE), called a semi-supervised adversarial autoencoder (SAAE). Our SAAE experimental results on two public datasets for benchmarking ML-based IDS, including NF-CSE-CIC-IDS2018 and NF-UNSW-NB15, demonstrate the effectiveness of AAE and GAN in case of using only a small number of labeled data. In particular, our approach outperforms other ML methods with the highest detection rates in spite of the scarcity of labeled data for model training, even with only 1% labeled data.

The correctness of user traffic forwarding paths is an important goal of trusted transmission. Many network security issues are related to it, i.e., denial-of-service attacks, route hijacking, etc. The current path-aware network architecture can effectively overcome this issue through path verification. At present, the main problems of path verification are high communication and high computation overhead. To this aim, this article proposes a lightweight real-time verification mechanism of intradomain forwarding paths in autonomous systems to achieve a path verification architecture with no communication overhead and low computing overhead. The problem situation is that a packet finally reaches the destination, but its forwarding path is inconsistent with the expected path. The expected path refers to the packet forwarding path determined by the interior gateway protocols. If the actual forwarding path is different from the expected one, it is regarded as an incorrect forwarding path. This article focuses on the most typical intradomain routing environment. A few routers are set as the verification routers to block the traffic with incorrect forwarding paths and raise alerts. Experiments prove that this article effectively solves the problem of path verification and the problem of high communication and computing overhead.

Child facial expression recognition is a relatively less investigated area within affective computing. Children’s facial expressions differ significantly from adults; thus, it is necessary to develop emotion recognition frameworks that are more objective, descriptive and specific to this target user group. In this paper we propose the first approach that (i) constructs video-level heterogeneous graph representation for facial expression recognition in children, and (ii) predicts children’s facial expressions using the automatically detected Action Units (AUs). To this aim, we construct three separate length-independent representations, namely, statistical, spectral and graph at video-level for detailed multi-level facial behaviour decoding (AU activation status, AU temporal dynamics and spatio-temporal AU activation patterns, respectively). Our experimental results on the LIRIS Children Spontaneous Facial Expression Video Database demonstrate that combining these three feature representations provides the highest accuracy for expression recognition in children.

Network security is a prominent topic that is gaining international attention. Distributed Denial of Service (DDoS) attack is often regarded as one of the most serious threats to network security. Software Defined Network (SDN) decouples the control plane from the data plane, which can meet various network requirements. But SDN can also become the object of DDoS attacks. This paper proposes an automated DDoS attack mitigation method that is based on the programmability of the Ryu controller and the features of the OpenFlow switch flow tables. The Mininet platform is used to simulate the whole process, from SDN traffic generation to using a K-Nearest Neighbor model for traffic classification, as well as identifying and mitigating DDoS attack. The packet counts of the victim's malicious traffic input port are significantly lower after the mitigation method is implemented than before the mitigation operation. The purpose of mitigating DDoS attack is successfully achieved.

Previous work has shown that a neural network with the rectified linear unit (ReLU) activation function leads to a convex polyhedral decomposition of the input space. These decompositions can be represented by a dual graph with vertices corresponding to polyhedra and edges corresponding to polyhedra sharing a facet, which is a subgraph of a Hamming graph. This paper illustrates how one can utilize the dual graph to detect and analyze adversarial attacks in the context of digital images. When an image passes through a network containing ReLU nodes, the firing or non-firing at a node can be encoded as a bit (1 for ReLU activation, 0 for ReLU non-activation). The sequence of all bit activations identifies the image with a bit vector, which identifies it with a polyhedron in the decomposition and, in turn, identifies it with a vertex in the dual graph. We identify ReLU bits that are discriminators between non-adversarial and adversarial images and examine how well collections of these discriminators can ensemble vote to build an adversarial image detector. Specifically, we examine the similarities and differences of ReLU bit vectors for adversarial images, and their non-adversarial counterparts, using a pre-trained ResNet-50 architecture. While this paper focuses on adversarial digital images, ResNet-50 architecture, and the ReLU activation function, our methods extend to other network architectures, activation functions, and types of datasets.

In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

The phenomenon known as "Internet ossification" describes the process through which certain components of the Internet’s older design have become immovable at the present time. This presents considerable challenges to the adoption of IPv6 and makes it hard to implement IP multicast services. For new applications such as data centers, cloud computing and virtualized networks, improved network availability, improved internal and external domain routing, and seamless user connectivity throughout the network are some of the advantages of Internet growth. To meet these needs, we've developed Software Defined Networking for the Future Internet (SDN). When compared to current networks, this new paradigm emphasizes control plane separation from network-forwarding components. To put it another way, this decoupling enables the installation of control plane software (such as Open Flow controller) on computer platforms that are substantially more powerful than traditional network equipment (such as switches/routers). This research describes Mininet’s routing techniques for a virtualized software-defined network. There are two obstacles to overcome when attempting to integrate SDN in an LTE/WiFi network. The first problem is that external network load monitoring tools must be used to measure QoS settings. Because of the increased demand for real-time load balancing methods, service providers cannot adopt QoS-based routing. In order to overcome these issues, this research suggests a router configuration method. Experiments have proved that the network coefficient matrix routing arrangement works, therefore it may provide an answer to the above-mentioned concerns. The Java-based SDN controller outperforms traditional routing systems by nine times on average highest sign to sound ratio. The study’s final finding suggests that the field’s future can be forecast. We must have a thorough understanding of this emerging paradigm to solve numerous difficulties, such as creating the Future Internet and dealing with its obliteration problem. In order to address these issues, we will first examine current technologies and a wide range of current and future SDN projects before delving into the most important issues in this field in depth.

Trojan attacks threaten deep neural networks (DNNs) by poisoning them to behave normally on most samples, yet to produce manipulated results for inputs attached with a particular trigger. Several works attempt to detect whether a given DNN has been injected with a specific trigger during the training. In a parallel line of research, the lottery ticket hypothesis reveals the existence of sparse sub-networks which are capable of reaching competitive performance as the dense network after independent training. Connecting these two dots, we investigate the problem of Trojan DNN detection from the brand new lens of sparsity, even when no clean training data is available. Our crucial observation is that the Trojan features are significantly more stable to network pruning than benign features. Leveraging that, we propose a novel Trojan network detection regime: first locating a “winning Trojan lottery ticket” which preserves nearly full Trojan information yet only chance-level performance on clean inputs; then recovering the trigger embedded in this already isolated sub-network. Extensive experiments on various datasets, i.e., CIFAR-10, CIFAR-100, and ImageNet, with different network architectures, i.e., VGG-16, ResNet-18, ResNet-20s, and DenseNet-100 demonstrate the effectiveness of our proposal. Codes are available at https://github.com/VITA-Group/Backdoor-LTH.

MPLS has been in the forefront of high-speed Wide Area Networks (WANs), for almost two decades [1], [12]. The performance advantages in implementing Multi-Protocol Label Switching (MPLS) are mainly its superior speed based on fast label switching and its capability to perform Fast Reroute rapidly when failure(s) occur - in theory under 50 ms [16], [17], which makes MPLS also interesting for real-time applications. We investigate the aforementioned advantages of MPLS by creating two real testbeds using actual routers that commercial Internet Service Providers (ISPs) use, one with a ring and one with a partial mesh architecture. In those two testbeds we compare the performance of MPLS channels versus normal routing, both using the Open Shortest Path First (OSPF) routing protocol. The speed of the Fast Reroute mechanism for MPLS when failures are occurring is investigated. Firstly, baseline experiments are performed consisting of MPLS versus normal routing. Results are evaluated and compared using both single and dual failure scenarios within the two architectures. Our results confirm recovery times within 50 ms.

Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all, therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

Deploying a new network architecture in the Internet requires changing some, but not necessarily all elements between communicating applications. One way to achieve gradual deployment is a proxy or gateway which "translates" between the new architecture and TCP/IP. We present such a proxy, called "Performance Enhancing Proxy for Deploying Network Architectures (PEP-DNA)", which allows TCP/IP applications to benefit from advanced features of a new network architecture without having to be redeveloped. Our proxy is a kernel-based Linux implementation which can be installed wherever a translation needs to occur between a new architecture and TCP/IP domains. We discuss the proxy operation in detail and evaluate its efficiency and performance in a local testbed, demonstrating that it achieves high throughput with low additional latency overhead. In our experiments, we use the Recursive InterNetwork Architecture (RINA) and Information-Centric Networking (ICN) as examples, but our proxy is modular and flexible, and hence enables realistic gradual deployment of any new "clean-slate" approaches.

Recently, network usage has evolved from resource sharing between hosts to content distribution and retrieval. Some emerging network architectures, like Named Data Networking (NDN), focus on the design of content-oriented network paradigm. However, these clean-slate network architectures are difficult to be deployed progressively and deal with the new communication requirements. Multi-Identifier Network (MIN) is a promising network architecture that contains push and pull communication semantics and supports the resolution, routing and extension of multiple network identifiers. MIN's original design was proposed in 2019, which has been improved over the past two years. In this paper, we present the current design and implementation of MIN. We also propose a fallback-based identifier extension scheme to improve the extensibility of the network. We demonstrate that MIN outperforms NDN in the scenario of progressive deployment via IP tunnel.

With current Traditional / Legacy networks, the reliance on manual intervention to solve a variety of issues be it primary operational functionalities like addressing Link-failure or other consequent complexities arising out of existing solutions for challenges like Link-flapping or facing attacks like DDoS attacks is substantial. This physical and manual approach towards network configurations to make significant changes result in very slow updates and increased probability of errors and are not sufficient to address and support the rapidly shifting workload of the networks due to the fact that networking decisions are left to the hands of physical networking devices. With the advent of Software Defined Networking (SDN) which abstracts the network functionality planes, separating it from physical hardware – and decoupling the data plane from the control plane, it is able to provide a degree of automation for the network resources and management of the services provided by the network. This paper explores some of the aspects of automation provided by SDN capabilities in a Mesh Network (provides Network Security with redundancy of communication links) which contribute towards making the network inherently intelligent and take decisions without manual intervention and thus take a step towards Intelligent Automated Networks.

The ongoing expansion of underwater Internet of Things techniques promote diverse categories of maritime intelligent systems, e.g., Underwater Acoustic Sensor Networks (UASNs), Underwater Wireless Networks (UWNs), especially multiple Autonomous Underwater Vehicle (AUV) based UWNs have produced many civil and military applications. To enhance the network management and scalability, in this paper, the technique of Software-Defined Networking (SDN) technique is introduced, leading to the paradigm of Software-Defined multi-AUV-based UWNs (SD-UWNs). With SD-UWNs, the network architecture is divided into three functional layers: data layer, control layer, and application layer, and the network administration is re-defined by a framework of software-defined beacon. To manage the network, a control model based on artificial potential field and network topology theory is constructed. On account of the efficient data sharing ability of SD-UWNs, a proactive alarming-enabled path planning scheme is proposed, wherein all potential categories of obstacle avoidance scenes are taken into account. Evaluation results indicate that the proposed SD-UWN is more efficient in scheduling the cooperative network function than the traditional approaches and can secure exact path planning.

With the rapid development of e-commerce and the increasing popularity of credit cards, online transactions have become increasingly smooth and convenient. However, many online transactions suffer from credit card fraud, resulting in huge losses every year. Many financial organizations and e-commerce companies are devoted to developing advanced fraud detection algorithms. This paper presents an approach to detect fraud transactions using the IEEE-CIS Fraud Detection dataset provided by Kaggle. Our stacked model is based on Gradient Boosting, LightGBM, CatBoost, and Random Forest. Besides, implementing StackNet improves the classification accuracy significantly and provides expandability to the network architecture. Our final model achieved an AUC of 0.9578 for the training set and 0.9325 for the validation set, demonstrating excellent performance in classifying different transaction types.

In this paper we discuss distributed denial of service attacks on software defined networks, software defined networking is a network architecture approach that enables the network to be intelligently and centrally controlled using software applications. These days the usage of internet is increased because high availability of internet and low cost devices. At the same time lot of security challenges are faced by network monitors and administrators to tackle the frequent network access by the users. The main idea of SDN is to separate the control plane and the data plane, as a result all the devices in the data plane becomes forwarding devices and all the decision making activities transferred to the centralized system called controller. Openflow is the standardized and most important protocol among many SDN protocols. In this article given the overview of distributed denial of service attacks and prevention mechanisms to these malicious attacks.

Over the last few years, the deployment of Internet of Things (IoT) is attaining much more concern on smart computing devices. With the exponential growth of small devices and at the same time cheap prices of these sensing devices, there raises an important question for the security of the stored information as these devices generate a large amount of private data for observing and controlling purposes. Distributed Denial of Service (DDoS) attacks are current examples of major security threats to IoT devices. As yet, no standard protocol can fully ensure the security of IoT devices. But adaptive decision making along with elasticity and incessant monitoring is required. These difficulties can be resolved with the assistance of Software Defined Networking (SDN) which can viably deal with the security dangers to the IoT devices in a powerful and versatile way without hampering the lightweightness of the IoT devices. Although SDN performs quite well for managing and controlling IoT devices, security is still an open concern. Nonetheless, there are a few challenges relating to the mitigation of DDoS attacks in IoT systems implemented with SDN architecture. In this paper, a brief overview of some of the popular DDoS attack mitigation techniques and their limitations are described. Also, the challenges of implementing these techniques in SDN-based architecture to IoT devices have been presented.

The emergence of the Internet of Things (IoT) is not only a global revolution in the information industry, but also brought tremendous changes to our lives. With the development of the technology and means of the IoT, information security issues have gradually emerged, and intrusion attacks have become one of the main problems of the IoT network security. The network layer of the IoT is the key connecting the platform and sensors or controllers of the IoT, and it is also the most standardized, the strongest and the most mature part of the whole physical network architecture. Its large-scale development has led to the network layer's security issues will receive more attention and face more challenges. This paper proposes an intrusion detection algorithm deployed on the network layer of the IoT, which uses the BPSO algorithm to extract features from the NSL-KDD dataset, and applies support vector machines (SVM) as the core model of the algorithm to detect and identify abnormal data, especially DoS attacks. Experimental results show that the model's detection rate of abnormal data and DoS attacks are significantly improved.

Named Data Networking, a future internet network architecture design that can change the network's perspective from previously host-centric to data-centric. It can reduce the network load, especially on the server part, and can provide advantages in multicast cases or re-sending of content data to users due to transmission errors. In NDN, interest messages are sent to the router, and if they are not immediately found, they will continue to be forwarded, resulting in a large load. NDNS or a DNS-Like Name Service for NDN is needed to know exactly where the content is to improve system performance. NDNS is a database that provides information about the zone location of the data contained in the network. In this study, a simulation was conducted to test the NDNS mechanism on the NDN network to support caching on the NDN network by testing various topologies with changes in the size of the content store and the number of nodes used. NDNS is outperform compared to NDN without NDNS for cache hit ratio and load parameters.

In existing Communication Based Train Control (CBTC) system, information security threats are analyzed, then information security demands of CBTC system are put forward. To protect information security, three security domains are divided according the Safety Integrity Level (SIL)) of CBTC system. Information security architecture of CBTC system is designed, special use firewalls and intrusion detection system are adopted. Through this CBTC system security are enhanced and operation safety is ensured.

Named Data Networking (NDN) is an emerging network architecture, which is built by keeping data as its pivotal point. The in-network cache, one of the important characteristics, makes data packets to be available from multiple locations on the Internet. Hence data access control and their enforcement mechanisms become even more critical in the NDNs. In this paper, we propose a novel encryption-based data access control scheme using Role-Based Encryption (RBE). The inheritance property of our scheme provides a natural way to achieve efficient data access control over hierarchical content. This in turn makes our scheme suitable for large scale real world content-centric applications and services such as Netflix. Further, the proposed scheme introduces an anonymous signature-based authentication mechanism to reject bogus data requests nearer to the source, thereby preventing them from entering the network. This in turn helps to mitigate better denial of service attacks. In addition, the signature mechanism supports unlinkability, which is essential to prevent leakages of individual user's access patterns. Another major feature of the proposed scheme is that it provides accountability of the Internet Service Providers (ISPs) using batch signature verification. Moreover, we have developed a transparent and secure dispute resolution and payment mechanism using smart-contract and blockchain technologies. We present a formal security analysis of our scheme to show it is provably secure against Chosen Plaintext Attacks. We also demonstrate that our scheme supports more functionalities than the existing schemes and its performance is better in terms of computation, communication and storage.

Thanks to advances in network architecture with Software-Defined Networking (SDN) paradigm, there are various approaches for eliminating attack surface in the largescale networks relied on the essence of the SDN principle. They are ranging from intrusion detection to moving target defense, and cyber deception that leverages the network programmability. Therein, cyber deception is considered as a proactive defense strategy for the usual network operation since it makes attackers spend more time and effort to successfully compromise network systems. In this paper, we concentrate on reconnaissance attacks in SDN-enabled networks to collect the sensitive information for hackers to conduct further attacks. In more details, we introduce SDNRecon tool to perform reconnaissance attacks, which can be useful in evaluating cyber deception techniques deployed in SDN-aware networks.

In addition to the feature of real-time analytics, fog computing allows detection nodes to be located at the edges of the network. On the other hand, intrusion detection systems require prompt and accurate attack analysis and detection. These systems must promptly respond appropriately to an event. Increasing the speed of data transfer and response requires less bandwidth in the network, reducing the data sent to the cloud and increasing information security as some of the advantages of using detection nodes at the edges of the network in fog computing. The use of neural networks in the analyzer engine is important for the low consumption of system resources, avoidance of explicit production of detection rules, detection of known deformed attacks, and the ability to manage noise and outlier data. The current paper proposes and implements the architecture of network intrusion detection nodes in fog computing, in addition to presenting the proposed fog network architecture. In the proposed architecture, each node can, in addition to performing intrusion detection operations, observe the nodes around it, find the compromised node or intrusion node, and inform the nodes close to it to disconnect from that node.

When the electrical grid in a region suffers a major outage, e.g., after a catastrophic cyber attack, a “black start” may be required, where the grid is slowly restarted, carefully and incrementally adding generating capacity and demand. To ensure safe and effective black start, the grid control center has to be able to communicate with field personnel and with supervisory control and data acquisition (SCADA) systems. Voice and text communication are particularly critical. As part of the Defense Advanced Research Projects Agency (DARPA) Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program, we designed, tested and evaluated a self-configuring mesh network prototype called the Phoenix Secure Emergency Network (PhoenixSEN). PhoenixSEN provides a secure drop-in replacement for grid's primary communication networks during black start recovery. The network combines existing and new technologies, can work with a variety of link-layer protocols, emphasizes manageability and auto-configuration, and provides services and applications for coordination of people and devices including voice, text, and SCADA communication. We discuss the architecture of PhoenixSEN and evaluate a prototype on realistic grid infrastructure through a series of DARPA-led exercises.