Biblio

Anomalous behaviour in subsystems of complex machines often affect overall performance even without failures. We devise unsupervised methods to detect times with degraded performance, and localize correlated signals, evaluated on a system with over 4000 monitored signals. From incidents comprising both downtimes and degraded performance, our approach localizes relevant signals within 1.2% of the parameter space.

Internet of Things (IoT) networks consist of small devices that use a wireless communication to monitor and possibly control the physical world. A common threat to such networks are jamming attacks, a particular type of denial of service attack. Current research highlights the need for the design of more effective and efficient anti-jamming techniques that can handle different types of attacks in IoT networks. In this paper, we propose DeMiJA, short for Detection and Mitigation of Jamming Attacks in IoT, a novel approach to deal with different jamming attacks in IoT networks. DeMiJA leverages architecture-based adaptation and the MAPE-K reference model (Monitor-Analyze-Plan-Execute that share Knowledge). We present the general architecture of DeMiJA and instantiate the architecture to deal with jamming attacks in the DeltaIoT exemplar. The evaluation shows that DeMiJA can handle different types of jamming attacks effectively and efficiently, with neglectable overhead.

Distributed computation and AI processing at the edge has been identified as an efficient solution to deliver real-time IoT services and applications compared to cloud-based paradigms. These solutions are expected to support the delay-sensitive IoT applications, autonomic decision making, and smart service creation at the edge in comparison to traditional IoT solutions. However, existing solutions have limitations concerning distributed and simultaneous resource management for AI computation and data processing at the edge; concurrent and real-time application execution; and platform-independent deployment. Hence, first, we propose a novel three-layer architecture that facilitates the above service requirements. Then we have developed a novel platform and relevant modules with integrated AI processing and edge computer paradigms considering issues related to scalability, heterogeneity, security, and interoperability of IoT services. Further, each component is designed to handle the control signals, data flows, microservice orchestration, and resource composition to match with the IoT application requirements. Finally, the effectiveness of the proposed platform is tested and have been verified.

OHODIN is an online extension for data streams of the kNN-based ODIN anomaly detection approach. It provides a detection-threshold heuristic that is based on extreme value theory. In contrast to sophisticated anomaly and novelty detection approaches the decision-making process of ODIN is interpretable by humans, making it interesting for certain applications. However, it is limited in terms of the underlying detection method. In this article, we present an extension of the OHODIN to further detection techniques to reinforce OHODIN capability of online data streams anomaly detection. We introduce the algorithm modifications and an experimental evaluation with competing state-of-the-art anomaly detection approaches.

Resilience and antifragility under duress present significant challenges for autonomic and self-adaptive systems operating in contested environments. In such settings, the system has to continually plan ahead, accounting for either an adversary or an environment that may negate its actions or degrade its capabilities. This will involve projecting future states, as well as assessing recovery options, counter-measures, and progress towards system goals. For antifragile systems to be effective, we envision three self-* properties to be of key importance: self-exploration, self-learning and self-training. Systems should be able to efficiently self-explore – using adversarial search – the potential impact of the adversary’s attacks and compute the most resilient responses. The exploration can be assisted by prior knowledge of the adversary’s capabilities and attack strategies, which can be self-learned – using opponent modelling – from previous attacks and interactions. The system can self-train – using reinforcement learning – such that it evolves and improves itself as a result of being attacked. This paper discusses those visions and outlines their realisation in AWaRE, a cyber-resilient and self-adaptive multi-agent system.

The service mesh is a dedicated infrastructure layer in a microservice architecture. It manages service-to-service communication within an application between decoupled or loosely coupled microservices (called services) without modifying their implementations. The service mesh includes APIs for security, traffic and policy management, and observability features. These features are enabled using a pre-defined configuration, which can be changed at runtime with human intervention. However, it has no autonomy to self-manage changes to the microservice application’s operational environment. A better configuration is one that can be customized according to environmental conditions during execution to protect the application from potential threats. This customization requires enabling self-protection mechanisms within the service mesh that evaluate the risk of environmental condition changes and enable appropriate configurations to defend the application from impending threats. In this paper, we design an assessment component into a service mesh that includes a security assurance case to define the threat model and dynamically assess the application given environment changes. We experiment with a demo application, Bookinfo, using an open-source service mesh platform, Istio, to enable self-protection. We consider certain parameters extracted from the service request as environmental conditions. We evaluate those parameters against the threat model and determine the risk of violating a security requirement for controlled and authorized information flow.

In recent years, the “whole chain” development level of China's intellectual property creation, protection and application has been greatly improved. At the same time, cloud computing technology is booming, and intellectual property data distributed platforms based on cloud storage are emerging one after another. Firstly, this paper introduces the domestic intellectual property cloud platform services from the perspectives of government, state-owned enterprises and private enterprises; Secondly, four typical distributed platforms provided by commercial resources are selected to summarize the problems faced by the operation mode of domestic intellectual property services; Then, it compares and discusses the functions and service modes of domestic intellectual property distributed platform, and takes TSITE IP as an example, puts forward the design and construction strategies of intellectual property protection, intellectual property operation service distributed platform and operation service mode under the background of information age. Finally, according to the development of contemporary information technology, this paper puts forward challenges and development direction for the future development of intellectual property platform.

Smart Contracts based cryptocurrencies such as Ethereum are becoming increasingly popular in various domains: but with this increase in popularity comes a significant decrease in throughput and efficiency. Smart Contracts are executed by every miner in the system serially without any parallelism, both inter and intra-Smart Contracts. Such a serial execution inhibits the scalability required to obtain extremely high throughput pertaining to computationally intensive tasks deployed with such Smart Contracts. While significant advancements have been made in the field of concurrency, from GPU architectures that enable massively parallel computation to tools such as MapRe-duce that distributed computing to several nodes connected in the system to achieve higher performance in distributed systems, none are incorporated in blockchain-based distributed computing. The team proposes a novel blockchain that allows public nodes in a permission-independent blockchain to deploy and run Smart Contracts that provide concurrency-related functionalities within the Smart Contract framework. In this paper, the researchers present “ConCurrency,” a blockchain network capable of handling big data-based computations. The technique is based on currently used distributed system paradigms, such as MapReduce, while also allowing for fundamental parallelly computable problems. Concurrency is achieved using a sharding protocol incorporated with consensus mechanisms to ensure high scalability, high reliability, and better efficiency. A detailed methodology and a comprehensive analysis of the proposed blockchain further indicate a significant increase in throughput for parallelly computable tasks, as detailed in this paper.

With the rapid development of urbanization, community security and public security have become an important social issue. As conventional patrol methods can not effectively ensure effective supervision, this paper studies the application of NFC (Near Field Communication) technology in intelligent security system, designs and constructs a set of intelligent security system suitable for public security patrol or security patrol combined with current cloud service technology. The system can not only solve the digital problem of patrol supervision in the current public security, but also greatly improve the efficiency of security and improve the service quality of the industry through the application of intelligent technology.

Knowledge Tracing (KT) is a task that aims to assess students' mastery level of knowledge and predict their performance over questions, which has attracted widespread attention over the years. Recently, an increasing number of researches have applied deep learning techniques to knowledge tracing and have made a huge success over traditional Bayesian Knowledge Tracing methods. Most existing deep learning-based methods utilized either Recurrent Neural Networks (RNNs) or Convolutional Neural Networks (CNNs). However, it is worth noticing that these two sorts of models are complementary in modeling abilities. Thus, in this paper, we propose a novel knowledge tracing model by taking advantage of both two models via combining them into a single integrated model, named Convolutional Recurrent Knowledge Tracing (CRKT). Extensive experiments show that our model outperforms the state-of-the-art models in multiple KT datasets.

Using erasure codes increases consumption of network traffic and disk I/O tremendously when systems recover data, resulting in high latency of degraded reads. In order to mitigate this problem, we present an adaptive storage scheme based on data access skew, a fact that most data accesses are applied in a small fraction of data. In this scheme, we use both Local Reconstruction Code (LRC), whose recovery cost is low, to store frequently accessed data, and Hitchhiker (HH) code, which guarantees minimum storage cost, to store infrequently accessed data. Besides, an efficient switching algorithm between LRC and HH code with low network and computation costs is provided. The whole system will benefit from low degraded read latency while keeping a low storage overhead, and code-switching will not become a bottleneck.

We propose a new approach to creating a subject-oriented distributed computing environment. Such an environment is used to support decision-making in solving relevant problems of ensuring energy systems resilience. The proposed approach is based on the idea of advancing and integrating the following important capabilities in supercomputer engineering: continuous integration, delivery, and deployment of the system and applied software, high-performance computing in heterogeneous environments, multi-agent intelligent computation planning and resource allocation, big data processing and geo-information servicing for subject information, including weakly structured data, and decision-making support. This combination of capabilities and their advancing are unique to the subject domain under consideration, which is related to combinatorial studying critical objects of energy systems. Evaluation of decision-making alternatives is carrying out through applying combinatorial modeling and multi-criteria selection rules. The Orlando Tools framework is used as the basis for an integrated software environment. It implements a flexible modular approach to the development of scientific applications (distributed applied software packages).

Consensus protocols are currently the bottlenecks that prevent blockchain systems from scaling. However, we argue that transaction execution is also important to the performance and security of blockchains. In other words, there are ample opportunities to speed up and further secure blockchains by reducing the cost of transaction execution. Our goal is to understand how much we can speed up blockchains by exploiting transaction concurrency available in blockchain workloads. To this end, we first analyze historical data of seven major public blockchains, namely Bitcoin, Bitcoin Cash, Litecoin, Dogecoin, Ethereum, Ethereum Classic, and Zilliqa. We consider two metrics for concurrency, namely the single-transaction conflict rate per block, and the group conflict rate per block. We find that there is more concurrency in UTXO-based blockchains than in account-based ones, although the amount of concurrency in the former is lower than expected. Another interesting finding is that some blockchains with larger blocks have more concurrency than blockchains with smaller blocks. Next, we propose an analytical model for estimating the transaction execution speed-up given an amount of concurrency. Using results from our empirical analysis, the model estimates that 6× speed-ups in Ethereum can be achieved if all available concurrency is exploited.

Ciphertext-policy attribute-based encryption (CP-ABE) is applied to many data service platforms to provides secure and fine-grained access control. In this paper, a new CP-ABE system based on the algebraic decision diagram (ADD) is presented. The new system makes full use of both the powerful description ability and the high calculating efficiency of ADD to improves the performance and efficiency of algorithms contained in CP-ABE. First, the new system supports both positive and negative attributes in the description of access polices. Second, the size of the secret key is constant and is not affected by the number of attributes. Third, time complexity of the key generation and decryption algorithms are O(1). Finally, this scheme allows visitors to have different access permissions to access shared data or file. At the same time, PV operation is introduced into CP-ABE framework for the first time to prevent resource conflicts caused by read and write operations on shared files. Compared with other schemes, the new scheme proposed in this paper performs better in function and efficiency.

In today's society, under the comprehensive arrival of the Internet era, the rapid development of technology has facilitated people's production and life, but it is also a “double-edged sword”, making people's personal information and other data subject to a greater threat of abuse. The unique features of big data technology, such as massive storage, parallel computing and efficient query, have created a breakthrough opportunity for the key technologies of large-scale network security situational awareness. On the basis of big data acquisition, preprocessing, distributed computing and mining and analysis, the big data analysis platform provides information security assurance services to the information system. This paper will discuss the security situational awareness in large-scale network environment and the promotion of big data technology in security perception.

The recent trend of military is to combined Internet of Things (IoT) knowledge to their field for enhancing the impact in battlefield. That's why Internet of battlefield (IoBT) is our concern. This paper discusses how Fog Radio Access Network(F-RAN) can provide support for local computing in Industrial IoT and IoBT. F-RAN can play a vital role because of IoT devices are becoming popular and the fifth generation (5G) communication is also an emerging issue with ultra-low latency, energy consumption, bandwidth efficiency and wide range of coverage area. To overcome the disadvantages of cloud radio access networks (C-RAN) F-RAN can be introduced where a large number of F-RAN nodes can take part in joint distributed computing and content sharing scheme. The F-RAN in IoBT is effective for enhancing the computing ability with fog computing and edge computing at the network edge. Since the computing capability of the fog equipment are weak, to overcome the difficulties of fog computing in IoBT this paper illustrates some challenging issues and solutions to improve battlefield efficiency. Therefore, the distributed computing load balancing problem of the F-RAN is researched. The simulation result indicates that the load balancing strategy has better performance for F-RAN architecture in the battlefield.

Edge and Fog computing paradigms are used to process big data generated by the increasing number of IoT devices. These paradigms have enabled cities to become smarter in various aspects via real-time data-driven applications. While these have addressed some flaws of cloud computing some challenges remain particularly in terms of privacy and security. We create a testbed based on a distributed processing platform called the Information flow of Things (IFoT) middleware. We briefly describe a decentralized traffic speed query and routing service implemented on this framework testbed. We configure the testbed to test countermeasure systems that aim to address the security challenges faced by prior paradigms. Using this testbed, we investigate a novel decentralized anomaly detection approach for time-sensitive distributed smart transportation systems.

Machine learning experts prefer to think of their input as a single, homogeneous, and consistent data set. However, when analyzing large volumes of data, the entire data set may not be manageable on a single server, but must be stored on a distributed file system instead. Moreover, with the pressing demand to deliver explainable models, the experts may no longer focus on the machine learning algorithms in isolation, but must take into account the distributed nature of the data stored, as well as the impact of any data pre-processing steps upstream in their data analysis pipeline. In this paper, we make the point that even basic transformations during data preparation can impact the model learned, and that this is exacerbated in a distributed setting. We then sketch our vision of end-to-end explainability of the model learned, taking the pre-processing into account. In particular, we point out the potentials of linking the contributions of research on data provenance with the efforts on explainability in machine learning. In doing so, we highlight pitfalls we may experience in a distributed system on the way to generating more holistic explanations for our machine learning models.

A common tool to defend against Sybil attacks is proof-of-work, whereby computational puzzles are used to limit the number of Sybil participants. Unfortunately, current Sybil defenses require significant computational effort to offset an attack. In particular, good participants must spend computationally at a rate that is proportional to the spending rate of an attacker. In this paper, we present the first Sybil defense algorithm which is asymmetric in the sense that good participants spend at a rate that is asymptotically less than an attacker. In particular, if T is the rate of the attacker's spending, and J is the rate of joining good participants, then our algorithm spends at a rate f O($\surd$(TJ) + J). We provide empirical evidence that our algorithm can be significantly more efficient than previous defenses under various attack scenarios. Additionally, we prove a lower bound showing that our algorithm's spending rate is asymptotically optimal among a large family of algorithms.

Cloud computing is a technology is where client require not to stress over the expense of equipment establishment and their support cost. Distributed computing is presently turned out to be most prominent innovation on account of its accessibility, ease and some different elements. Yet, there is a few issues in distributed computing, the principle one is security in light of the fact that each client store their valuable information on the system so they need their information ought to be shielded from any unapproved get to, any progressions that isn't done for client's benefit. To take care of the issue of Key administration, Key Sharing different plans have been proposed. The outsider examiner is the plan for key administration and key sharing. The primary preferred standpoint of this is the cloud supplier can encourage the administration which was accessible by the customary outsider evaluator and make it trustful. The outsider examining plan will be fizzled, if the outsider's security is endangered or of the outsider will be malignant. To take care of the issue, there is another modular for key sharing and key administration in completely Homomorphic Encryption conspire is outlined. In this paper we utilized the symmetric key understanding calculation named Diffie Hellman to make session key between two gatherings who need to impart and elliptic curve cryptography to create encryption keys rather than RSA and have utilized One Time Password (OTP) for confirming the clients.

Fog and Edge computing provide a large pool of resources at the edge of the network that may be used for distributed computing. Fog infrastructure heterogeneity also results in complex configuration of distributed applications on computing nodes. Linux containers are a mainstream technique allowing to run packaged applications and micro services. However, running applications on remote hosts owned by third parties is challenging because of untrusted operating systems and hardware maintained by third parties. To meet such challenges, we may leverage trusted execution mechanisms. In this work, we propose a model for distributed computing on Fog infrastructures using Linux containers secured by Intel's Software Guard Extensions (SGX) technology. We implement our model on a Docker and OpenSGX platform. The result is a secure and flexible approach for distributed computing on Fog infrastructures.

The problem of Byzantine Agreement (BA) is of interest to both distributed computing and cryptography community. Following well-known results from the distributed computing literature, BA problem in the asynchronous network setting encounters inevitable non-termination issues. The impasse is overcome via randomization that allows construction of BA protocols in two flavours of termination guarantee - with overwhelming probability and with probability one. The latter type termed as almost-surely terminating BAs are the focus of this paper. An eluding problem in the domain of almost-surely terminating BAs is achieving a constant expected running time. Our work makes progress in this direction. In a setting with n parties and an adversary with unbounded computing power controlling at most t parties in Byzantine fashion, we present two asynchronous almost-surely terminating BA protocols: With the optimal resilience of t \textbackslashtextless n3 , our first protocol runs for expected O(n) time. The existing protocols in the same setting either runs for expected O(n2) time (Abraham et al, PODC 2008) or requires exponential computing power from the honest parties (Wang, CoRR 2015). In terms of communication complexity, our construction outperforms all the known constructions that offer almost-surely terminating feature. With the resilience of t \textbackslashtextless n/3+ε for any ε \textbackslashtextgreater 0, our second protocol runs for expected O( 1 ε ) time. The expected running time of our protocol turns constant when ε is a constant fraction. The known constructions with constant expected running time either require ε to be at least 1 (Feldman-Micali, STOC 1988), implying t \textbackslashtextless n/4, or calls for exponential computing power from the honest parties (Wang, CoRR 2015). We follow the traditional route of building BA via common coin protocol that in turn reduces to asynchronous verifiable secretsharing (AVSS). Our constructions are built on a variant of AVSS that is termed as shunning. A shunning AVSS fails to offer the properties of AVSS when the corrupt parties strike, but allows the honest parties to locally detect and shun a set of corrupt parties for any future communication. Our shunning AVSS with t \textbackslashtextless n/3 and t \textbackslashtextless n 3+ε guarantee Ω(n) and respectively Ω(εt 2) conflicts to be revealed when failure occurs. Turning this shunning AVSS to a common coin protocol constitutes another contribution of our paper.

The management of security credentials (e.g., passwords, secret keys) for computational science workflows is a burden for scientists and information security officers. Problems with credentials (e.g., expiration, privilege mismatch) cause workflows to fail to fetch needed input data or store valuable scientific results, distracting scientists from their research by requiring them to diagnose the problems, re-run their computations, and wait longer for their results. In this paper, we introduce SciTokens, open source software to help scientists manage their security credentials more reliably and securely. We describe the SciTokens system architecture, design, and implementation addressing use cases from the Laser Interferometer Gravitational-Wave Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey Telescope (LSST) projects. We also present our integration with widely-used software that supports distributed scientific computing, including HTCondor, CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for capability-based secure access to remote scientific data. The access tokens convey the specific authorizations needed by the workflows, rather than general-purpose authentication impersonation credentials, to address the risks of scientific workflows running on distributed infrastructure including NSF resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds (e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the interoperability and security of scientific workflows, SciTokens 1) enables use of distributed computing for scientific domains that require greater data protection and 2) enables use of more widely distributed computing resources by reducing the risk of credential abuse on remote systems.

Observing semantic dependencies in large and heterogeneous networks is a critical task, since it is quite difficult to find the actual source of a malfunction in the case of an error. Dependencies might exist between many network nodes and among multiple hops in paths. If those dependency structures are unknown, debugging errors gets quite difficult. Since CPS and other large networks change at runtime and consists of custom software and hardware, as well as components off-the-shelf, it is necessary to be able to not only include own components in approaches to detect dependencies between nodes. In this paper we present an extension to the Information Flow Monitor approach. Our goal is that this approach should be able to handle unalterable blackbox nodes. This is quite challenging, since the IFM originally requires each network node to be compliant with the IFM protocol.

Challenges associated with developing analytics solutions at the edge of large scale Industrial Internet of Things (IIoT) networks close to where data is being generated in most cases involves developing analytics solutions from ground up. However, this approach increases IoT development costs and system complexities, delay time to market, and ultimately lowers competitive advantages associated with delivering next-generation IoT designs. To overcome these challenges, existing, widely available, hardware can be utilized to successfully participate in distributed edge computing for IIoT systems. In this paper, an osmotic computing approach is used to illustrate how distributed osmotic computing and existing low-cost hardware may be utilized to solve complex, compute-intensive Explainable Artificial Intelligence (XAI) deep learning problem from the edge, through the fog, to the network cloud layer of IIoT systems. At the edge layer, the C28x digital signal processor (DSP), an existing low-cost, embedded, real-time DSP that has very wide deployment and integration in several IoT industries is used as a case study for constructing real-time graph-based Coiflet wavelets that could be used for several analytic applications including deep learning pre-processing applications at the edge and fog layers of IIoT networks. Our implementation is the first known application of the fixed-point C28x DSP to construct Coiflet wavelets. Coiflet Wavelets are constructed in the form of an osmotic microservice, using embedded low-level machine language to program the C28x at the network edge. With the graph-based approach, it is shown that an entire Coiflet wavelet distribution could be generated from only one wavelet stored in the C28x based edge device, and this could lead to significant savings in memory at the edge of IoT networks. Pearson correlation coefficient is used to select an edge generated Coiflet wavelet and the selected wavelet is used at the fog layer for pre-processing and denoising IIoT data to improve data quality for fog layer based deep learning application. Parameters for implementing deep learning at the fog layer using LSTM networks have been determined in the cloud. For XAI, communication network noise is shown to have significant impact on results of predictive deep learning at IIoT network fog layer.