Biblio

We study a problem of covert communication over binary symmetric channels (BSC) in an asynchronous setup. Here, Alice seeks to communicate to Bob over a BSC while trying to be covert with respect to Willie, who observes any communication through possibly a different BSC. When Alice communicates, she transmits a message (using a codeword of length n) at a random time uniformly distributed in a window of size Aw slots. We assume that Bob has side information about the time of transmission leading to a reduced uncertainty of Ab slots for Bob, where \$A\_b$\backslash$lt A\_w\$. In this setup, we seek to characterize the limits of covert communication as a function of the timing advantage. When Aw is increasing exponentially in n, we characterize the covert capacity as a function of Aw and Ab. When Aw is increasing sub-exponentially in n, we characterize lower and upper bounds on achievable covert bits and show that positive covert rates are not feasible irrespective of timing advantage. Using numerical work, we illustrate our results for different network scenarios, and also highlight a tradeoff between timing advantage and channel advantage (between Bob and Willie).

Covert communications enable a transmitter to send information reliably in the presence of an adversary, who looks to detect whether the transmission took place or not. We consider covert communications over quasi-static block fading channels, where users suffer from channel uncertainty. We investigate the adversary Willie's optimal detection performance in two extreme cases, i.e., the case of perfect channel state information (CSI) and the case of channel distribution information (CDI) only. It is shown that in the large detection error regime, Willie's detection performances of these two cases are essentially indistinguishable, which implies that the quality of CSI does not help Willie in improving his detection performance. This result enables us to study the covert transmission design without the need to factor in the exact amount of channel uncertainty at Willie. We then obtain the optimal and suboptimal closed-form solution to the covert transmission design. Our result reveals fundamental difference in the design between the case of quasi-static fading channel and the previously studied case of non-fading AWGN channel.

Aiming at the problems of low accuracy and poor effect caused by the lack of data labels in most real network traffic, an optimized density peak clustering based on the improved salp swarm algorithm is proposed for traffic anomaly detection. Through the optimization of cosine decline and chaos strategy, the salp swarm algorithm not only accelerates the convergence speed, but also enhances the search ability. Moreover, we use the improved salp swarm algorithm to adaptively search the best truncation distance of density peak clustering, which avoids the subjectivity and uncertainty of manually selecting the parameters. The experimental results based on NSL-KDD dataset show that the improved salp swarm algorithm achieves faster convergence speed and higher precision, increases the average anomaly detection accuracy of 4.74% and detection rate of 6.14%, and reduces the average false positive rate of 7.38%.

Mobile Social Networks have become one of the most convenient services for users to share information everywhere. This crowdsourced information is often meaningful and recommended to users, e.g., reviews on Yelp or high marks on Dianping, which poses the threat of Sybil attacks. To address the problem of Sybil attacks, previous solutions mostly use indirect/direct graph model or clickstream model to detect fake accounts. However, they are either dependent on strong connections or solely preserved by servers of social networks. In this paper, we propose a novel predictable approach by exploiting users' custom patterns to distinguish Sybil attackers from normal users for the application of recommendation in mobile social networks. First, we introduce the entropy of spatial-temporal features to profile the mobility traces of normal users, which is quite different from Sybil attackers. Second, we develop discriminative entropy-based features, i.e., users' preference features, to measure the uncertainty of users' behaviors. Third, we design a smart Sybil detection model based on a binary classification approach by combining our entropy-based features with traditional behavior-based features. Finally, we examine our model and carry out extensive experiments on a real-world dataset from Dianping. Our results have demonstrated that the model can significantly improve the detection accuracy of Sybil attacks.

Networked control design is essential to enable normal operation and further accomplish performance improvement of the cyber-physical systems. In this work, a resilient control scheme is presented for the networked nonlinear system under the denial-of-service (DoS) attack and the system uncertainty. Through synthesizing a self regulation system, this scheme is capable of releasing the prescribed performance when attack is active and recovering that in finite-time after the attack is slept. Meanwhile, the neural network is employed to approximate the system uncertainty. Particularly, the update law possesses the non-certainty-equivalent (NCE) structure, and then the impact of the DoS attack is totally isolated. Finally, the numerical simulation is presented to illustrate the effectiveness and benefits of the estimation scheme and the control design.

When a fault occurs in power grid, the analytic model for power grid fault diagnosis could generate multiple solutions under one or more protective relays (PRs) and/or circuit breakers (CBs) malfunctioning, and/or one or more their alarm information failing. Hence, this paper, calling the electrical quantities, presents an optimal solution discrimination method, which determines the optimal solution by constructing the electrical criteria of suspicious faulty components. Furthermore, combining the established electrical criteria with the existing analytic model, a hierarchical fault diagnosis mode is proposed. It uses the analytic model for the first level diagnosis based on the switching quantities. Thereafter, aiming at multiple solutions, it applies the electrical criteria for the second level diagnosis to determine the diagnostic result. Finally, the examples of fault diagnosis demonstrate the feasibility and effectiveness of the developed method.

Recently, vehicular communications have been the focus of industry, research and development fields. There are many benefits of vehicular communications. It improves traffic management and put derivers in better control of their vehicles. Privacy and security protection are collective accountability in which all parties need to actively engage and collaborate to afford safe and secure communication environments. The primary objective of this paper is to exploit the RSS characteristic of physical layer, in order to generate a secret key that can securely be exchanged between legitimated communication vehicles. In this paper, secret key extraction from wireless channel will be the main focus of the countermeasures against VANET security attacks. The technique produces a high rate of bits stream while drop less amount of information. Information reconciliation is then used to remove dissimilarity of two initially extracted keys, to increase the uncertainty associated to the extracted bits. Five values are defined as quantization thresholds for the captured probes. These values are derived statistically, adaptively and randomly according to the readings obtained from the received signal strength.

In the current cloud service development, during the widely used of cloud service, it can self organize and respond on demand when the cloud service in phenomenon of failure or violation, but it may still cause violation. The first step in forecasting or accountability for this situation, is to generate a dynamic structure of cloud services in a timely manner. In this research, it has presented a method to generate the time-varying structure of cloud service. Firstly, dependencies between tasks and even instances within a job of cloud service are visualized to explore the time-varying characteristics contained in the cloud service structure. And then, those dependencies are discovered quantitatively using CNN (Convolutional Neural Networks). Finally, it structured into an event network of cloud service for tracing violation and other usages. A validation to this approach has been examined by an experiment based on Alibaba’s dataset. A function integrity of this approach may up to 0.80, which is higher than Bai Y and others which is no more than 0.60.

Intrusion alerts continue to grow in volume, variety, and complexity. Its cryptic nature requires substantial time and expertise to interpret the intended consequence of observed malicious actions. To assist security analysts in effectively diagnosing what alerts mean, this work develops a novel machine learning approach that translates alert descriptions to intuitively interpretable Action-Intent-Stages (AIS) with only 1% labeled data. We combine transfer learning, active learning, and pseudo labels and develop the Pseudo-Active Transfer Learning (PATRL) process. The PATRL process begins with an unsupervised-trained language model using MITRE ATT&CK, CVE, and IDS alert descriptions. The language model feeds to an LSTM classifier to train with 1% labeled data and is further enhanced with active learning using pseudo labels predicted by the iteratively improved models. Our results suggest PATRL can predict correctly for 85% (top-1 label) and 99% (top-3 labels) of the remaining 99% unknown data. Recognizing the need to build confidence for the analysts to use the model, the system provides Monte-Carlo Dropout Uncertainty and Pseudo-Label Convergence Score for each of the predicted alerts. These metrics give the analyst insights to determine whether to directly trust the top-1 or top-3 predictions and whether additional pseudo labels are needed. Our approach overcomes a rarely tackled research problem where minimal amounts of labeled data do not reflect the truly unlabeled data's characteristics. Combining the advantages of transfer learning, active learning, and pseudo labels, the PATRL process translates the complex intrusion alert description for the analysts with confidence.

Unforeseen situations on the shopfloor cause the assembly process to divert from its expected progress. To be able to overcome these deviations in a timely manner, assembly process monitoring and early deviation detection are necessary. However, legal regulations and union policies often limit the direct monitoring of human-intensive assembly processes. Grounded in an industry use case, this paper outlines a novel approach that, based on indirect privacy-respecting monitored data from the shopfloor, enables the near real-time detection of multiple types of process deviations. In doing so, this paper specifically addresses uncertainties stemming from indirect shopfloor observations and how to reason in their presence.

Internet of Things (IoT) revolutionizes cutting-edge technologies by enabling smart sensing, and actuation of the physical world. IoT enables cooperation between numerous heterogeneous smart devices to exchange and aggregate data from the surrounding environment through the internet. Recently, the range of IoT technology could be utilized in the real world by the rapid spread of sensor devices. These capabilities open the door for vital challenges. Security is the major challenge that faces the IoT networks. Traditional solutions cannot tackle smart and powerful attackers. Moving Target Defense (MTD) deploys mechanisms and strategies that increase attackers' uncertainty and frustrate their attempt to eavesdrop the target to be protected. In addition, Steganography is the practice of concealing a message within another message. For security proposes, Steganography is used to hide significant data within any transmitted messages, such as images, videos, and text files. This paper presents Stegano-MTD framework that enables combination between MTD mechanisms with steganography. This combination offers a lightweight solution that can be implemented on the IoT network. Stegano-MTD slices the message into small labeled chunks and sends them randomly through the network's nodes. Steganography is used for hide the key file that used to reconstruct the original data. Simulation results show the effectiveness of the presented solution.

As the major factors affecting the safety of deep learning models, corner cases and related detection are crucial in AI quality assurance for constructing safety- and security-critical systems. The generic corner case researches involve two interesting topics. One is to enhance DL models' robustness to corner case data via the adjustment on parameters/structure. The other is to generate new corner cases for model retraining and improvement. However, the complex architecture and the huge amount of parameters make the robust adjustment of DL models not easy, meanwhile it is not possible to generate all real-world corner cases for DL training. Therefore, this paper proposes a simple and novel approach aiming at corner case data detection via a specific metric. This metric is developed on surprise adequacy (SA) which has advantages on capture data behaviors. Furthermore, targeting at characteristics of corner case data, three modifications on distanced-based SA are developed for classification applications in this paper. Consequently, through the experiment analysis on MNIST data and industrial data, the feasibility and usefulness of the proposed method on corner case data detection are verified.

A main type of Mobile Ad hoc Networks (MANET) and essential infrastructure to provide a wide range of safety applications to passengers in vehicles (VANET) are established. VANETs are more popular today as they connect to a variety of invisible services. VANET protection is crucial as its potential use must not endanger the safety and privacy of its users. The safety of these VANETs is essential to safe and efficient safety systems and facilities and uncertainty continues and research in this field continues to grow rapidly. We will explain the characteristics and problems of VANETs in this paper. Also, all threats and attacks that affect integrity and authentication in VANETs will be defined. Description of researchers' work was consequently addressed as the table with the problems of the suggested method and objective.

In integrated gas and electricity energy systems, a catastrophic outage in one system could propagate to other, resulting in severe service interruption like what happened in 2021 Texas Blackout. To alleviate detrimental effects of these events, a coordinated effort must be adopted between integrated energy systems. In this paper, a central situational awareness system (CSAS) is developed to improve the coordination of operational resiliency measures by facilitating information sharing between power distribution systems (PDSs) and natural gas networks (NGNs) during emergency conditions. The CSAS collects operational data of the PDS and the NGN as well as data of upcoming weather condition, extracts the most vulnerable lines and pipelines, and accordingly obtains emergency actions. The emergency actions, i.e., optimal multi-microgrid formation, scheduling of distribution energy resources (DERs), and optimal electrical and gas load shedding plan, are optimized through a coupled graph-based approach with stochastic mixed integer linear programming (MILP) model. In the proposed model, uncertainties of renewable energy resources (RESs) is also considered. Numerical results on an integrated IEEE 33-bus and 30-node NGNs demonstrate the effectiveness of proposed CSAS.

Advances in artificial intelligence (AI) have provided a variety of solutions in several real-world complex problems. One of the current trends contains the integration of various AI tools to improve the proposed solutions. The question that has to be revisited is how tools may be put together to form efficient systems suitable for the problem at hand. This paper frames itself in the area of nuclear security where an agent uses a radiation sensor to survey an area for radiological threats. The main goal of this application is to identify anomalies in the measured data that designate the presence of nuclear material that may consist of a threat. To that end, we propose the integration of two kernel modeled Gaussian processes (GP) by using a fuzzy inference system. The GP models utilize different types of information to make predictions of the background radiation contribution that will be used to identify an anomaly. The integration of the prediction of the two GP models is performed with means of fuzzy rules that provide the degree of existence of anomalous data. The proposed system is tested on a set of real-world gamma-ray spectra taken with a low-resolution portable radiation spectrometer.

Probabilistic security metrics estimate the vulnerability of a network in terms of the likelihood of an attacker reaching the goal states (of a network) by exploiting the attack graph paths. The probability computation depends upon several assumptions regarding the possible attack scenarios. In this paper, we extend the existing security metric to model networks with intrusion detection systems and their associated uncertainties and time latencies. We consider learning capabilities of attackers as well as detection systems. Estimation of risk is obtained by using the attack paths that are undetectable owing to the latency of the detection system. Thus, we define the overall vulnerability (of a network) as a function of the time window available to an attacker for repeated exploring (via learning) and exploitation of a network, before the attack is mitigated by the detection system. Finally, we consider the realistic scenario where an attacker explores and abandons various partial paths in the attack graph before the actual exploitation. A dynamic programming formulation of the vulnerability computation methodology is proposed for this scenario. The nature of these metrics are explained using a case study showing the vulnerability spectrum from the case of zero detection latency to a no detection scenario.

A random rule foam grows and combines several independent fuzzy rule-based systems by randomly sampling input-output data from a trained deep neural classifier. The random rule foam defines an interpretable proxy system for the sampled black-box classifier. The random foam gives the complete Bayesian posterior probabilities over the foam subsystems that contribute to the proxy system's output for a given pattern input. It also gives the Bayesian posterior over the if-then fuzzy rules in each of these constituent foams. The random foam also computes a conditional variance that describes the uncertainty in its predicted output given the random foam's learned rule structure. The mixture structure leads to bootstrap confidence intervals around the output. Using the Bayesian posterior probabilities to prune or discard low-probability sub-foams improves the system's classification accuracy. Simulations used the MNIST image data set of 60,000 gray-scale images of ten hand-written digits. Dropping the lowest-probability foams per input pattern brought the pruned random foam's classification accuracy nearly to that of the neural classifier. Posterior pruning outperformed simple accuracy pruning of a random foam and outperformed a random forest trained on the same neural classifier.

Trust estimation of vehicles is vital for the correct functioning of Vehicular Ad Hoc Networks (VANETs) as it enhances their security by identifying reliable vehicles. However, accurate trust estimation still remains distant as existing works do not consider all malicious features of vehicles, such as dropping or delaying packets, altering content, and injecting false information. Moreover, data consistency of messages is not guaranteed here as they pass through multiple paths and can easily be altered by malicious relay vehicles. This leads to difficulty in measuring the effect of content tampering in trust calculation. Further, unreliable wireless communication of VANETs and unpredictable vehicle behavior may introduce uncertainty in the trust estimation and hence its accuracy. In this view, we put forward three trust factors - captured by fuzzy sets to adequately model malicious properties of a vehicle and apply a fuzzy logic-based algorithm to estimate its trust. We also introduce a parameter to evaluate the impact of content modification in trust calculation. Experimental results reveal that the proposed scheme detects malicious vehicles with high precision and recall and makes decisions with higher accuracy compared to the state-of-the-art.

It is important to be able to establish formal performance bounds for autonomous systems. However, formal verification techniques require a model of the environment in which the system operates; a challenge for autonomous systems, especially those expected to operate over longer timescales. This paper describes work in progress to automate the monitor and repair of ROS-based autonomous robot software written for an apriori partially known and possibly incorrect environment model. A taint analysis method is used to automatically extract the dataflow sequence from input topic to publish topic, and instrument that code. A unique reinforcement learning approximation of MDP utility is calculated, an empirical and non-invasive characterization of the inherent objectives of the software designers. By comparing design (a-priori) utility with deploy (deployed system) utility, we show, using a small but real ROS example, that it's possible to monitor a performance criterion and relate violations of the criterion to parts of the software. The software is then patched using automated software repair techniques and evaluated against the original off-line utility.

Technology and the use of online services are very prevalent across much of our everyday lives. As our digital interactions continue to grow, there is a need to improve public awareness of the risks to our personal online privacy and security. Designing for cyber security awareness has never been so important. In this work, we consider people's current impressions towards their privacy and security online. We also explore how abnormal network activity data can be visually conveyed to afford a heightened cyber security awareness. In detail, the paper documents the different effects of visual variables in an edge and node DoS visualisation to depict abnormally high volumes of traffic. The results from two studies show that people are generally becoming more concerned about their privacy and security online. Moreover, we have found that the more focus based visual techniques (i.e. blur) and geometry-based techniques (i.e. jaggedness and sketchiness) afford stronger impressions of uncertainty from abnormally high volumes of network traffic. In terms of security, these impressions and feelings alert in the end-user that something is not quite as it should be and hence develop a heightened cyber security awareness.

Waveguided air-coupled ultrasonic phased arrays offer grating-lobe-free beam forming for many applications such as obstacle detection, non-destructive testing, flow metering or tactile feedback. However, for industrial applications, the open output ports of the waveguide can be clogged due to dust, liquids or dirt leading to additional acoustic attenuation. In previous work, we presented the effectiveness of hydrophobic fabrics as a protection layer for acoustic waveguides. In this work, we created a numerical model of the waveguide including the hydrophobic fabric allowing the prediction of the insertion loss (IL). The numerical model uses the boundary element method (BEM) and the finite element method (FEM) in the frequency domain including the waveguide, the hydrophobic fabric and the finite-sized rigid baffle used in the measurements. All walls are assumed as ideal sound hard and the transducers are ideal piston transducers. The specific flow resistivity of the hydrophobic fabric, which is required for the simulation, is analyzed using a 3D-printed flow pipe. The simulations are validated with a calibrated microphone in an anechoic chamber. The IL of the simulations are within the uncertainties of the measurements. In addition, both the measurements and the simulations have no significant influence on the beamforming capabilities.

Despite the performance of state-of-the-art Artificial Intelligence (AI) systems, some sectors hesitate to adopt AI because of a lack of trust in these systems. This attitude is prevalent among high-risk areas, where there is a reluctance to remove humans entirely from the loop. In these scenarios, Augmentation provides a preferred alternative over complete Automation. Instead of replacing humans, AI Augmentation uses AI to improve and support human operations, creating an environment where humans work side by side with AI systems. In this paper, we discuss how AI Augmentation can provide a path for building Trustworthy AI. We exemplify this approach using Robot Teleoperation. We lay out design guidelines and motivations for the development of AI Augmentation for Robot Teleoperation. Finally, we discuss the design of a Robot Teleoperation testbed for the development of AI Augmentation systems.

Cyber threat intelligence (CTI) is an effective approach to improving cyber security of businesses. CTI provides information of business contexts affected by cyber threats and the corresponding countermeasures. If businesses can identify relevant CTI, they can take defensive actions before the threats, described in the relevant CTI, take place. However, businesses still lack knowledge to help identify relevant CTI. Furthermore, information in real-world systems is usually vague, imprecise, inconsistent and incomplete. This paper defines a business object that is a business context surrounded by CTI. A business object models the connection knowledge for CTI onto the business. To assemble the business objects, this paper proposes a novel representation of business oriented CTI and a system used for constructing and extracting the business objects. Generalised grey numbers, fuzzy sets and rough sets are used for the representation, and set approximations are used for the extraction of the business objects. We develop a prototype of the system and use a case study to demonstrate how the system works. We then conclude the paper together with the future research directions.

The paper proposes a method for solving problems of classifying multi-step attacks on wireless sensor networks in the conditions of uncertainty (incompleteness and inconsistency) of the observed signs of attacks. The method aims to eliminate the uncertainty of classification of attacks on networks of this class one the base of the use of neural network approaches to the processing of incomplete and contradictory knowledge on possible attack characteristics. It allows increasing objectivity (accuracy and reliability) of information security monitoring in modern software and hardware systems and Internet of Things networks that actively exploit advantages of wireless sensor networks.

In the past few years, the malware industry has been thriving. Malware variants among the same malware family shared similar behavioural patterns or signatures reflecting their purpose. We propose an approach that combines support vector machine (SVM) classifiers and active learning by learning (ALBL) techniques to deal with insufficient labeled data in terms of the malware classification tasks. The proposed approach is evaluated with the malware family dataset from Microsoft Malware Classification Challenge (BIG 2015) on Kaggle. The results show that ALBL techniques can effectively boost the performance of our machine learning models and improve the quality of labeled samples.