Biblio

In the theoretical part of the paper, the scope of application of pseudorandom numbers and methods of their generation, as well as methods of statistical testing of pseudorandom sequences (PS) are considered. In the practical part of the work, the quality of PS obtained by Mersenne Twister [1] generator and the cryptographic generator of the RNGCryptoServiceProvider class of the. NET platform is evaluated. Based on the conducted research, the results of testing are obtained, which show that the quality of pseudorandom sequences generated by the cryptographic random number generator is higher than PS generated by Mersenne Twister. Additionally, based on statistical analysis by NIST and TestU01, a study is conducted in an attempt to establish the statistical indistinguishability of sets of empty- and stegocontainers created using a two-dimensional associative masking mechanism [2-4] based on a gamma of at least 500 KB in length. Research work was carried out under the guidance of R.F. Gibadullin, Associate Professor of the Department of Computer Systems of Kazan National Research Technical University named after A.N.Tupolev-KAI.

Cyber security is an important concern in critical infrastructures such as banking and financial organizations, where a number of malicious insiders are involved. These insiders may be existing employees / users present within the organization and causing harm by performing any malicious activity and are commonly known as insider threats. Existing insider threat detection (ITD) methods are based on statistical analysis, machine and deep learning approaches. They monitor and detect malicious user activity based on pre-built rules which fails to detect unforeseen threats. Also, some of these methods require explicit feature engineering which results in high false positives. Apart from this, some methods choose relatively insufficient features and are computationally expensive which affects the classifier's accuracy. Hence, in this paper, a user behaviour based ITD method is presented to overcome the above limitations. It is a conceptually simple and flexible approach based on augmented decision making and anomaly detection. It consists of bi-directional long short term memory (bi-LSTM) for efficient feature extraction. For the purpose of classifying users as "normal" or "malicious", a binary class support vector machine (SVM) is used. CMU-CERT v4.2 dataset is used for testing the proposed method. The performance is evaluated using the following parameters: Accuracy, Precision, Recall, F- Score and AUC-ROC. Test results show that the proposed method outperforms the existing methods.

Underwater acoustic sensor networks (UASNs) have been receiving more and more attention due to their wide applications and the marine data collection is one of the important applications of UASNs. However, the openness and unreliability of underwater acoustic communication links and the easy capture of underwater wireless devices make UASNs vulnerable to various attacks. On the other hand, due to the limited resources of underwater acoustic network nodes, the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels, many mature security mechanisms in terrestrial wireless sensor networks cannot be applied in the underwater environment [1]. In this paper, a secure communication protocol for marine data collection was proposed to ensure the confidentiality and data integrity of communication between under sensor nodes and the sink node in UASNs.

There have been developed image encryption algorithm using chaotic map and DNA pseudo-symbols sequence gained on the basis of real DNA symbols. In the suggested algorithm, the address for the selecting of DNA symbols sequence from Gene Bank, encoding rule of the DNA symbols, also the initial parameters of the chaotic map are determined on the secret key basis. Image pixels modification is based on the numerical values of the chaotic points sets coordinates obtained with the chaos play description of the DNA pseudo-symbols and the transference of pixels is based on displacement table constructed with the chaotic map.

Concurrency programs often induce buggy results due to the unexpected interaction among threads. The detection of these concurrency bugs costs a lot because they usually appear under a specific execution trace. How to virtually explore different thread schedules to detect concurrency bugs efficiently is an important research topic. Many techniques have been proposed, including lightweight techniques like adaptive randomized scheduling (ARS) and heavyweight techniques like maximal causality reduction (MCR). Compared to heavyweight techniques, ARS is efficient in exploring different schedulings and achieves state-of-the-art performance. However, it will lead to explore large numbers of redundant thread schedulings, which will reduce the efficiency. Moreover, it suffers from the “cold start” issue, when little information is available to guide the distance calculation at the beginning of the exploration. In this work, we propose a Heuristic-Enhanced Adaptive Randomized Scheduling (HARS) algorithm, which improves ARS to detect concurrency bugs guided with novel distance metrics and heuristics obtained from existing research findings. Compared with the adaptive randomized scheduling method, it can more effectively distinguish the traces that may contain concurrency bugs and avoid redundant schedules, thus exploring diverse thread schedules effectively. We conduct an evaluation on 45 concurrency Java programs. The evaluation results show that our algorithm performs more stably in terms of effectiveness and efficiency in detecting concurrency bugs. Notably, HARS detects hard-to-expose bugs more effectively, where the buggy traces are rare or the bug triggering conditions are tricky.

Following review depicts a unique speech recognition technique, based on planned analysis and utilization of Neural Network and Google API using speech’s characteristics. Multifactor security system pioneered for the authentication of vocal modalities and identification. Undergone project drives completely unique strategy of independent convolution layers structure and involvement of totally unique convolutions includes spectrum and Mel-frequency cepstral coefficient. This review takes in the statistical analysis of sound using scaled up and scaled down spectrograms, conjointly by exploitation the Google Speech-to-text API turns speech to pass code, it will be cross-verified for extended security purpose. Our study reveals that the incorporated methodology and the result provided elucidate the inclination of research in this area and encouraged us to advance in this field.

As the major factors affecting the safety of deep learning models, corner cases and related detection are crucial in AI quality assurance for constructing safety- and security-critical systems. The generic corner case researches involve two interesting topics. One is to enhance DL models' robustness to corner case data via the adjustment on parameters/structure. The other is to generate new corner cases for model retraining and improvement. However, the complex architecture and the huge amount of parameters make the robust adjustment of DL models not easy, meanwhile it is not possible to generate all real-world corner cases for DL training. Therefore, this paper proposes a simple and novel approach aiming at corner case data detection via a specific metric. This metric is developed on surprise adequacy (SA) which has advantages on capture data behaviors. Furthermore, targeting at characteristics of corner case data, three modifications on distanced-based SA are developed for classification applications in this paper. Consequently, through the experiment analysis on MNIST data and industrial data, the feasibility and usefulness of the proposed method on corner case data detection are verified.

In order to improve the big data management ability of IOT access control based on converged network structure, a security integration model of IOT access control based on machine learning and converged network structure is proposed. Combined with the feature analysis method, the storage structure allocation model is established, the feature extraction and fuzzy clustering analysis of big data are realized by using the spatial node rotation control, the fuzzy information fusion parameter analysis model is constructed, the frequency coupling parameter analysis is realized, the virtual inertia parameter analysis model is established, and the integrated processing of big data is realized according to the machine learning analysis results. The test results show that the method has good clustering effect, reduces the storage overhead, and improves the reliability management ability of big data.

Modern Industrial Automation & Control Systems (IACS) are essential part of the critical infrastructures and services. They are used in health, power, water, and transportation systems, and the impact of cyberattacks on IACS could be severe, resulting, for example, in damage to the environment, public or employee safety or health. Thus, building IACS safe and secure against cyberattacks is extremely important. The attacker model is one of the key elements in risk assessment and other security related information system management tasks. The aim of the study is to specify the attacker's profile based on the analysis of network and system events. The paper presents an approach to the selection of attacker's profile attributes from raw network and system events of the Linux OS. To evaluate the approach the experiments were performed on data collected within the Global CPTC 2019 competition.

Cyber-physical systems are used in many areas of human life. But people do not pay enough attention to ensuring the security of these systems. As a result of the resulting security gaps, an attacker can launch an attack, not only shutting down the system, but also having some negative impact on the environment. The article examines denial of service attacks in ad-hoc networks, conducts experiments and considers the consequences of their successful execution. As a result of the research, it was determined that an attack can be detected by changes in transmitted traffic and processor load. The cyber-physical system operates on stable algorithms, and even if legal changes occur, they can be easily distinguished from those caused by the attack. The article shows that the use of statistical methods for analyzing traffic and other parameters can be justified for detecting an attack. This study shows that each attack affects traffic in its own way and creates unique patterns of behavior change. The experiments were carried out according to methodology with changings in the intensity of the attacks, with a change in normal behavior. The results of this study can further be used to implement a system for detecting attacks on cyber-physical systems. The collected datasets can be used to train the neural network.

There have been researches on Distributed Denial of Service (DDoS) attack detection based on deep learning, but most of them use the feature data processed by data mining for feature learning and classification. Based on the original data flow, this paper combines the method of Gray Level Co-occurrence Matrix (GLCM), which not only retains the original data but also can further extract the potential relationship between the original data. The original data matrix and the reconstructed matrix were taken as the input of the model, and the Convolutional Neural Network(CNN) was used for feature learning. Finally, the classifier model was trained for detection. The experimental part is divided into two parts: comparing the detection effect of different data processing methods and different deep learning algorithms; the effectiveness and objectivity of the proposed method are verified by comparing the detection effect of the deep learning algorithm with that of the statistical analysis feature algorithm.

In order to solve the statistical fluctuation problem caused by the finite data length in the practical quantum key distribution system, four commonly used statistical methods, DeMoivre-Laplace theorem, Chebyshev inequality, Chernoff boundary and Hoeffding boundary, are used to analyze. The application conditions of each method are discussed, and the effects of data length and confidence level on quantum key distribution security performance are simulated and analyzed. The simulation results show that the applicable conditions of Chernoff boundary are most consistent with the reality of the practical quantum key distribution system with finite-length data. Under the same experimental conditions, the secure key generation rate and secure transmission distance obtained by Chernoff boundary are better than those of the other three methods. When the data length and confidence level change, the stability of the security performance obtained by the Chernoff boundary is the best.

Most applications of Internet of Vehicles (IoVs) rely on collaboration between nodes. Therefore, false information flow in-between these nodes poses the challenging trust issue in rapidly moving IoV nodes. To resolve this issue, a number of mechanisms have been proposed in the literature for the detection of false information and establishment of trust in IoVs, most of which employ reputation scores as one of the important factors. However, it is critical to have a robust and consistent scheme that is suitable to aggregate a reputation score for each node based on the accuracy of the shared information. Such a mechanism has therefore been proposed in this paper. The proposed system utilises the results of any false message detection method to generate and share feedback in the network, this feedback is then collected and filtered to remove potentially malicious feedback in order to produce a dynamic reputation score for each node. The reputation system has been experimentally validated and proved to have high accuracy in the detection of malicious nodes sending false information and is robust or negligibly affected in the presence of spurious feedback.

The advanced persistent threat (APT) landscape has been studied without quantifiable data, for which indicators of compromise (IoC) may be uniformly analyzed, replicated, or used to support security mechanisms. This work culminates extensive academic and industry APT analysis, not as an incremental step in existing approaches to APT detection, but as a new benchmark of APT related opportunity. We collect 15,259 APT IoC hashes, retrieving subsequent sandbox execution logs across 41 different file types. This work forms an initial focus on Windows-based threat detection. We present a novel Windows APT executable (APT-EXE) dataset, made available to the research community. Manual and statistical analysis of the APT-EXE dataset is conducted, along with supporting feature analysis. We draw upon repeat and common APT paths access, file types, and operations within the APT-EXE dataset to generalize APT execution footprints. A baseline case analysis successfully identifies a majority of 117 of 152 live APT samples from campaigns across 2018 and 2019.

This paper studies physical-layer security over slow fading channels, considering the impact of finite-blocklength secrecy coding. A comprehensive analysis and optimization framework is established to investigate the secrecy throughput (ST) of a legitimate user pair coexisting with an eavesdropper. Specifically, we devise both adaptive and non-adaptive optimization schemes to maximize the ST, where we derive optimal parameters including the transmission policy, blocklength, and code rates based on the instantaneous and statistical channel state information of the legitimate pair, respectively. Various important insights are provided. In particular, 1) increasing blocklength improves both reliability and secrecy with our transmission policy; 2) ST monotonically increases with blocklength; 3) ST initially increases and then decreases with secrecy rate, and there exists a critical secrecy rate that maximizes the ST. Numerical results are presented to verify theoretical findings.

P2P botnet has become one of the most serious threats to today's network security. It can be used to launch kinds of malicious activities, ranging from spamming to distributed denial of service attack. However, the detection of P2P botnet is always challenging because of its decentralized architecture. In this paper, we propose a two-stage P2P botnet detection method which only relies on several traffic statistical features. This method first detects P2P hosts based on three statistical features, and then distinguishes P2P bots from benign P2P hosts by means of another two statistical features. Experimental evaluations on real-world traffic datasets shows that our method is able to detect hidden P2P bots with a detection accuracy of 99.7% and a false positive rate of only 0.3% within 5 minutes.

Augmented reality (AR) has been identified as a key technology to enhance worker utility in the context of increasing automation of repeatable procedures. AR can achieve this by assisting the user in performing complex and frequently changing procedures. Crucial to the success of procedure assistance AR applications is user acceptability, which can be measured by user quality of experience (QoE). An active research topic in QoE is the identification of implicit metrics that can be used to continuously infer user QoE during a multimedia experience. A user's QoE is linked to their affective state. Affective state is reflected in facial expressions. Emotions shown in micro facial expressions resemble those expressed in normal expressions but are distinguished from them by their brief duration. The novelty of this work lies in the evaluation of micro facial expressions as a continuous QoE metric by means of correlation analysis to the more traditional and accepted post-experience self-reporting. In this work, an optimal Rubik's Cube solver AR application was used as a proof of concept for complex procedure assistance. This was compared with a paper-based procedure assistance control. QoE expressed by affect in normal and micro facial expressions was evaluated through correlation analysis with post-experience reports. The results show that the AR application yielded higher task success rates and shorter task durations. Micro facial expressions reflecting disgust correlated moderately to the questionnaire responses for instruction disinterest in the AR application.

Style transfer produces a transferred image which is a rendering of a content image in the manner of a style image. We seek to understand how to improve style transfer.To do so requires quantitative evaluation procedures, but current evaluation is qualitative, mostly involving user studies. We describe a novel quantitative evaluation procedure. Our procedure relies on two statistics: the Effectiveness (E) statistic measures the extent that a given style has been transferred to the target, and the Coherence (C) statistic measures the extent to which the original image's content is preserved. Our statistics are calibrated to human preference: targets with larger values of E and C will reliably be preferred by human subjects in comparisons of style and content, respectively.We use these statistics to investigate relative performance of a number of Neural Style Transfer (NST) methods, revealing a number of intriguing properties. Admissible methods lie on a Pareto frontier (i.e. improving E reduces C, or vice versa). Three methods are admissible: Universal style transfer produces very good C but weak E; modifying the optimization used for Gatys' loss produces a method with strong E and strong C; and a modified cross-layer method has slightly better E at strong cost in C. While the histogram loss improves the E statistics of Gatys' method, it does not make the method admissible. Surprisingly, style weights have relatively little effect in improving EC scores, and most variability in transfer is explained by the style itself (meaning experimenters can be misguided by selecting styles). Our GitHub Link is available1.

In this paper, a novel Dynamic Chaotic Biometric Identity Isomorphic Elliptic Curve (DCBI-IEC) has been introduced for Image Encryption. The biometric digital identity is extracted from the user fingerprint image as fingerprint minutia data incorporated with the chaotic logistic map and hence, a new DCBDI-IEC has been suggested. DCBI-IEC is used to control the key schedule for all encryption and decryption processing. Statistical analysis, differential analysis and key sensitivity test are performed to estimate the security strengths of the proposed DCBI-IEC system. The experimental results show that the proposed algorithm is robust against common signal processing attacks and provides a high security level for image encryption application.

Recently, new perspective areas of chaotic encryption have evolved, including fuzzy logic encryption. The presented work proposes an image encryption system based on two chaotic mapping that uses fuzzy logic. The paper also presents numerical calculations of some parameters of statistical analysis, such as, histogram, entropy of information and correlation coefficient, which confirm the efficiency of the proposed algorithm.

Differential privacy is fast becoming the gold standard in enabling statistical analysis of data while protecting the privacy of individuals. However, practical use of differential privacy still lags behind research progress because research prototypes cannot satisfy the scalability requirements of production deployments. To address this challenge, we present Chorus, a framework for building scalable differential privacy mechanisms which is based on cooperation between the mechanism itself and a high-performance production database management system (DBMS). We demonstrate the use of Chorus to build the first highly scalable implementations of complex mechanisms like Weighted PINQ, MWEM, and the matrix mechanism. We report on our experience deploying Chorus at Uber, and evaluate its scalability on real-world queries.

This paper proposes an approach that combines a deep learning-based method and a traditional machine learning-based method to efficiently detect malicious requests Web servers received. The first few layers of Convolutional Neural Network for Text Classification (TextCNN) are used to automatically extract powerful semantic features and in the meantime transferable statistical features are defined to boost the detection ability, specifically Web request parameter tampering. The semantic features from TextCNN and transferable statistical features from artificially-designing are grouped together to be fed into Support Vector Machine (SVM), replacing the last layer of TextCNN for classification. To facilitate the understanding of abstract features in form of numerical data in vectors extracted by TextCNN, this paper designs trace-back functions that map max-pooling outputs back to words in Web requests. After investigating the current available datasets for Web attack detection, HTTP Dataset CSIC 2010 is selected to test and verify the proposed approach. Compared with other deep learning models, the experimental results demonstrate that the approach proposed in this paper is competitive with the state-of-the-art.

Since the neural networks are utilized to extract information from an image, Gatys et al. found that they could separate the content and style of images and reconstruct them to another image which called Style Transfer. Moreover, there are many feed-forward neural networks have been suggested to speeding up the original method to make Style Transfer become practical application. However, this takes a price: these feed-forward networks are unchangeable because of their fixed parameters which mean we cannot transfer arbitrary styles but only single one in real-time. Some coordinated approaches have been offered to relieve this dilemma. Such as a style-swap layer and an adaptive normalization layer (AdaIN) and soon. Its worth mentioning that we observed that the AdaIN layer only aligns the means and variance of the content feature maps with those of the style feature maps. Our method is aimed at presenting an operational approach that enables arbitrary style transfer in real-time, reserving more statistical information by histogram matching, providing more reliable texture clarity and more humane user control. We achieve performance more cheerful than existing approaches without adding calculation, complexity. And the speed comparable to the fastest Style Transfer method. Our method provides more flexible user control and trustworthy quality and stability.

Aiming at the problems of poor stability and low accuracy of current communication data informatization processing methods, this paper proposes a research on nonlinear frequency hopping communication data informatization under the framework of big data security evaluation. By adding a frequency hopping mediation module to the frequency hopping communication safety evaluation framework, the communication interference information is discretely processed, and the data parameters of the nonlinear frequency hopping communication data are corrected and converted by combining a fast clustering analysis algorithm, so that the informatization processing of the nonlinear frequency hopping communication data under the big data safety evaluation framework is completed. Finally, experiments prove that the research on data informatization of nonlinear frequency hopping communication under the framework of big data security evaluation could effectively improve the accuracy and stability.

In Compositional data, the relative proportions of the components contain important relevant information. In such case, Euclidian distance fails to capture variation when considered within data science models and approaches such as partial least squares discriminant analysis (PLS-DA). Indeed, the Euclidean distance assumes implicitly that the data is normally distributed which is not the case of compositional vectors. Aitchison transformation has been considered as a standard in compositional data analysis. In this paper, we consider two other transformation methods, Isometric log ratio (ILR) transformation and data-based power (alpha) transformation, before feeding the data to PLS-DA algorithm for classification [1]. In order to investigate the merits of both methods, we apply them in two challenging information system security applications namely spam filtering and intrusion detection.