Biblio

Network security has become an important issue in our work and life. Hackers' attack mode has been upgraded from normal attack to APT( Advanced Persistent Threat, APT) attack. The key of APT attack chain is the penetration and intrusion of active directory, which can not be completely detected via the traditional IDS and antivirus software. Further more, lack of security protection of existing solutions for domain control aggravates this problem. Although researchers have proposed methods for domain attack detection, many of them have not yet been converted into effective market-oriented products. In this paper, we analyzes the common domain intrusion methods, various domain related attack behavior characteristics were extracted from ATT&CK matrix (Advanced tactics, techniques, and common knowledge) for analysis and simulation test. Based on analyzing the log file generated by the attack, the domain attack detection rules are established and input into the analysis engine. Finally, the available domain intrusion detection system is designed and implemented. Experimental results show that the network attack detection method based on the analysis of domain attack behavior can analyze the log file in real time and effectively detect the malicious intrusion behavior of hackers , which could facilitate managers find and eliminate network security threats immediately.

Port scans are a persistent problem on contemporary communication networks. Typically used as an attack reconnaissance tool, they can also create problems with application performance and throughput. This paper describes an architecture that deploys sequential neural networks (NNs) to classify packets, separate TCP datagrams, determine the type of TCP packet and detect port scans. Sequential networks allow this lengthy task to learn from the current environment and to be broken up into component parts. Following classification, analysis is performed in order to discover scan attempts. We show that neural networks can be used to successfully classify general packetized traffic at recognition rates above 99% and more complex TCP classes at rates that are also above 99%. We demonstrate that this specific communications task can successfully be broken up into smaller work loads. When tested against actual NMAP scan pcap files, this model successfully discovers open ports and the scan attempts with the same high percentage and low false positives.

Packet classification is a key function in network security systems in SDN, which detect potential threats by matching the packet header bits and a given rule set. It needs to support multi-dimensional fields, large rule sets, and high throughput. Bit Vector-based packet classification methods can support multi-field matching and achieve a very high throughput, However, the range matching is still challenging. To address issue, this paper proposes a Range Supported Bit Vector (RSBV) algorithm for processing the range fields. RSBV uses specially designed codes to store the pre-computed results in memory, and the result of range matching is derived through pipelined Boolean operations. Through a two-dimensional modular architecture, the RSBV can operate at a high clock frequency and line-rate processing can be guaranteed. Experimental results show that for a 1K and 512-bit OpenFlow rule set, the RSBV can sustain a throughput of 520 Million Packets Per Second.

Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding needs to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.

In modern grid systems which is a typical cyber-physical System (CPS), information space and physical space are closely related. Once the communication link is interrupted, it will make a great damage to the power system. If the service path is too concentrated, the risk will be greatly increased. In order to solve this problem, this paper constructs a route planning algorithm that combines node load pressure, link load balance and service delay risk. At present, the existing intelligent algorithms are easy to fall into the local optimal value, so we chooses the deep reinforcement learning algorithm (DRL). Firstly, we build a risk assessment model. The node risk assessment index is established by using the node load pressure, and then the link risk assessment index is established by using the average service communication delay and link balance degree. The route planning problem is then solved by a route planning algorithm based on DRL. Finally, experiments are carried out in a simulation scenario of a power grid system. The results show that our method can find a lower risk path than the original Dijkstra algorithm and the Constraint-Dijkstra algorithm.

When using deep learning for DDoS attack detection, there is a general degradation in detection performance due to small sample size. This paper proposes a small-sample DDoS attack detection method based on deep transfer learning. First, deep learning techniques are used to train several neural networks that can be used for transfer in DDoS attacks with sufficient samples. Then we design a transferability metric to compare the transfer performance of different networks. With this metric, the network with the best transfer performance can be selected among the four networks. Then for a small sample of DDoS attacks, this paper demonstrates that the deep learning detection technique brings deterioration in performance, with the detection performance dropping from 99.28% to 67%. Finally, we end up with a 20.8% improvement in detection performance by deep transfer of the 8LANN network in the target domain. The experiment shows that the detection method based on deep transfer learning proposed in this paper can well improve the performance deterioration of deep learning techniques for small sample DDoS attack detection.

Recently, as the threat of Distributed Denial-of-Service attacks exploiting IoT devices has spread, source-side Denial-of-Service attack detection methods are being studied in order to quickly detect attacks and find their locations. Moreover, to mitigate the limitation of local view of source-side detection, a collaborative attack detection technique is required to share detection results on each source-side network. In this paper, a new collaborative source-side DDoS attack detection method is proposed for detecting DDoS attacks on multiple networks more correctly, by considering the detecting performance on different time zone. The results of individual attack detection on each network are weighted based on detection rate and false positive rate corresponding to the time zone of each network. By gathering the weighted detection results, the proposed method determines whether a DDoS attack happens. Through extensive evaluation with real network traffic data, it is confirmed that the proposed method reduces false positive rate by 35% while maintaining high detection rate.

Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.

We study the problem of designing a dynamic mechanism for security management in an interconnected multi-agent system with N strategic agents and one coordinator. The system is modeled as a network of N vertices. Each agent resides in one of the vertices of the network and has a privately known security state that describes its safety level at each time. The evolution of an agent's security state depends on its own state, the states of its neighbors in the network and on actions taken by a network coordinator. Each agent's utility at time instant t depends on its own state, the states of its neighbors in the network and on actions taken by a network coordinator. The objective of the network coordinator is to take security actions in order to maximize the long-term expected social surplus. Since agents are strategic and their security states are private information, the coordinator needs to incentivize agents to reveal their information. This results in a dynamic mechanism design problem for the coordinator. We leverage the inter-temporal correlations between the agents' security states to identify sufficient conditions under which an incentive compatible expected social surplus maximizing mechanism can be constructed. We then identify two special cases of our formulation and describe how the desired mechanism is constructed in these cases.

Automatic Image Analysis, Image Classification, Automatic Object Recognition are some of the aspiring research areas in various fields of Engineering. Many Industrial and biological applications demand Image Analysis and Image Classification. Sample images available for classification may be complex, image data may be inadequate or component regions in the image may have poor visibility. With the available information each Digital Image Processing application has to analyze, classify and recognize the objects appropriately. Pre-processing, Image segmentation, feature extraction and classification are the most common steps to follow for Classification of Images. In this study we applied various existing edge detection methods like Robert, Sobel, Prewitt, Canny, Otsu and Laplacian of Guassian to crab images. From the conducted analysis of all edge detection operators, it is observed that Sobel, Prewitt, Robert operators are ideal for enhancement. The paper proposes Enhanced Sobel operator, Enhanced Prewitt operator and Enhanced Robert operator using morphological operations and masking. The novelty of the proposed approach is that it gives thick edges to the crab images and removes spurious edges with help of m-connectivity. Parameters which measure the accuracy of the results are employed to compare the existing edge detection operators with proposed edge detection operators. This approach shows better results than existing edge detection operators.

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.

With the explosive development of big data, it is necessary to sort the data according to their importance or priorities. The sources with different importance levels can be modeled by the multilevel diversity coding systems (MDCS). Another trend in future communication networks, say 5G wireless networks and Internet of Things, is that users may obtain their data from all available sources, even from devices belonging to other users. Then, the privacy of data becomes a crucial issue. In a recent work by Li et al., the secure asymmetric MDCS (S-AMDCS) with wiretap channels was investigated, where the wiretapped messages do not leak any information about the sources (i.e. perfect secrecy). It was shown that superposition (source-separate coding) is not optimal for the general S-AMDCS and the exact full secure rate region was proved for a class of S-AMDCS. In addition, a bound on the key size of the secure rate region was provided as well. As a further step on the SAMDCS problem, this paper mainly focuses on the key size characterization. Specifically, the constraints on the key size of superposition secure rate region are proved and a counterexample is found to show that the bound on the key size of the exact secure rate region provided by Li et al. is not tight. In contrast, tight necessary and sufficient constraints on the secrecy key size of the counterexample, which is the four-encoder S-AMDCS, are proved.

In this paper, according to the electricity business process including collecting and transmitting power information and sending control instructions, a coupling model of control-communication flow is built which is composed of three main matrices: control-communication, communication-communication, communication-control incidence matrices. Furthermore, the effective path change between two communication nodes is analyzed and a calculation method of connectivity probability for information network is proposed when considering a breakdown in communication links. Then, based on Bayesian conditional probability theory, the effect of the communication interruption on the energy Internet is analyzed and the metric matrix of controllability is given under communication congestion. Several cases are given in the final of paper to verify the effectiveness of the proposed method for calculating controllability matrix by considering different link interruption scenarios. This probability index can be regarded as a quantitative measure of the controllability of the power service based on the communication transmission instructions, which can be used in the power business decision-making in order to improve the control reliability of the energy Internet.

Network security is an important issue in today's world with existence of network systems that communicate data and information about all aspects of our life, work and business. Network security is an important issue with connected networks and data communication between organisations of that specialized in different areas. Network security engineers spend a considerable amount of time to investigate network for security breaches and to enhance the security of their networks and data communications on their networks. They use Attack Graphs (AGs) which are graphical representation of networks to assist them in analysing large networks. With increase size of networks and their complexity, the use of attack graphs alone does not provide the necessary risk analysis and assessment facilities. There is a need for automated intelligent systems such as multiagent systems to assist in analysing, assessing and testing networks. Network systems changes with the increase in the size of organisation and connectivity of network of organisations based on the business needs or organisational or governmental rules and regulations. In this paper a multi-agent system is developed assist in analysing interconnected network to identify security risks. The multi-agent system is capable of security network analysis to identify paths using an attack graph of the network under consideration to protect network systems, as the networks grow and change, against possible attacks. The multiagent system uses a model developed by Mohammadian [3] for converting AGs to Fuzzy Cognitive Maps (FCMs) to identify attack paths from attack graphs and perform security risk analysis. In this paper a novel decision-making approach using FCMs is employed.

Smart cities comprise multiple critical infrastructures, two of which are the power grid and communication networks, backed by centralized data analytics and storage. To effectively model the interdependencies between these infrastructures and enable a greater understanding of how communities respond to and impact them, large amounts of varied, real-world data on residential and commercial consumer energy consumption, load patterns, and associated human behavioral impacts are required. The dissemination of such data to the research communities is, however, largely restricted because of security and privacy concerns. This paper creates an opportunity for the development and dissemination of synthetic energy consumption data which is inherently anonymous but holds similarities to the properties of real data. This paper explores a framework using mixture density network (MDN) model integrated with a multi-layered Long Short-Term Memory (LSTM) network which shows promise in this area of research. The model is trained using an initial sample recorded from residential smart meters in the state of Florida, and is used to generate fully synthetic energy consumption data. The synthesized data will be made publicly available for interested users.

Cyber-Physical-Systems are subject to cyber-attacks due to existing vulnerabilities in the various components constituting them. System Resiliency is concerned with the extent the system is able to bounce back to a normal state under attacks. In this paper, two communication Networks are analyzed, formally described, and modeled using Architecture Analysis & Design Language (AADL), identifying their architecture, connections, vulnerabilities, resources, possible attack instances as well as their pre-and post-conditions. The generated network models are then verified against a security property using JKind model checker integrated tool. The union of the generated attack sequences/scenarios resulting in overall network compromise (given by its loss of stability) is the Attack graph. The generated Attack graph is visualized graphically using Unity software, and then used to assess the worst Level of Resilience for both networks.

In order to standardize and describe vulnerability information in detail as far as possible and realize knowledge sharing, reuse and extension at the semantic level, a vulnerability ontology is constructed based on the information security public databases such as CVE, CWE and CAPEC and industry public standards like CVSS. By analyzing the relationship between vulnerability class and weakness class, inference rules are defined to realize knowledge inference from vulnerability instance to its consequence and from one vulnerability instance to another vulnerability instance. The experimental results show that this model can analyze the causal and congeneric relationships between vulnerability instances, which is helpful to repair vulnerabilities and predict attacks.

This Innovate Practice Full Paper describes our experience with teaching cybersecurity topics using guided inquiry collaborative learning. The goal is to not only develop the students' in-depth technical knowledge, but also “soft skills” such as communication, attitude, team work, networking, problem-solving and critical thinking. This paper reports our experience with developing and using the Guided Inquiry Collaborative Learning materials on the topics of firewall and IPsec. Pre- and post-surveys were conducted to access the effectiveness of the developed materials and teaching methods in terms of learning outcome, attitudes, learning experience and motivation. Analysis of the survey data shows that students had increased learning outcome, participation in class, and interest with Guided Inquiry Collaborative Learning.

Nowadays citizens live in a world where communication technologies offer opportunities for new interactions between people and society. Clearly, e-government is changing the way citizens relate to their government, moving the interaction of physical environment and management towards digital participation. Therefore, it is necessary for e-government to have procedures in place to prevent and lessen the negative impact of an attack or intrusion by third parties. In this research work, he focuses on the implementation of anonymous communication in a proof of concept application called “Delta”, whose function is to allow auctions and offers of products, thus marking the basis for future implementations in e-government services.

High frequency of network security incidents has also brought a lot of negative effects and even huge economic losses to countries, enterprises and individuals in recent years. Therefore, more and more attention has been paid to the problem of network security. In order to evaluate the newly included vulnerability text information accurately, and to reduce the workload of experts and the false negative rate of the traditional method. Multiple deep learning methods for vulnerability text classification evaluation are proposed in this paper. The standard Cross Site Scripting (XSS) vulnerability text data is processed first, and then classified using three kinds of deep neural networks (CNN, LSTM, TextRCNN) and one kind of traditional machine learning method (XGBoost). The dropout ratio of the optimal CNN network, the epoch of all deep neural networks and training set data were tuned via experiments to improve the fit on our target task. The results show that the deep learning methods evaluate vulnerability risk levels better, compared with traditional machine learning methods, but cost more time. We train our models in various training sets and test with the same testing set. The performance and utility of recurrent convolutional neural networks (TextRCNN) is highest in comparison to all other methods, which classification accuracy rate is 93.95%.

To solve the problems of weak linkage ability and low intellectualization of strategy allocation in existing network security devices, a new method of cognitive linkage of network security equipment is proposed by learning from human brain. Firstly, the basic connotation and cognitive cycle of cognitive linkage are expounded. Secondly, the main functions of cognitive linkage are clarified. Finally, the cognitive linkage system model is constructed, and the information process flow of cognitive linkage is described. Cognitive linkage of network security equipment provides a new way to effectively enhance the overall protection capability of network security equipment.

Wireless Mesh Networks (WMN) are becoming inevitable in this world of high technology as it provides low cost access to broadband services. Moreover, the technologists are doing research to make WMN more reliable and secure. Subsequently, among wireless ad-hoc networking technologies, Bluetooth Low Energy (BLE) is gaining high degree of importance among researchers due to its easy availability in the gadgets and low power consumption. BLE started its journey from version 4.0 and announced the latest version 5 with mesh support capability. BLE being a low power and mesh supported technology is nowadays among the hot research topics for the researchers. Many of the researchers are working on BLE mesh technology to make it more efficient and smart. Apart from other variables of efficiency, like all communication networks, mesh network security is also of a great concern. In view of the aforesaid, this paper provides a comprehensive review on several works associated to the security in WMN and BLE mesh networks and the research related to the BLE security protocols. Moreover, after the detailed research on related works, this paper has discussed the pros and cons of the present developed mesh security mechanisms. Also, at the end after extracting the curx from the present research on WMN and BLE mesh security, this research study has devised some solutions as how to mitigate the BLE mesh network security lapses.

An improved algorithm of the Analytic Hierarchy Process (AHP) is proposed in this paper, which is realized by constructing an improved judgment matrix. Specifically, rough set theory is used in the algorithm to calculate the weight of the network metric data, and then the improved AHP algorithm nine-point systemic is structured, finally, an improved AHP judgment matrix is constructed. By performing an AHP operation on the improved judgment matrix, the weight of the improved network metric data can be obtained. If only the rough set theory is applied to process the network index data, the objective factors would dominate the whole process. If the improved algorithm of AHP is used to integrate the expert score into the process of measurement, then the combination of subjective factors and objective factors can be realized. Based on the aforementioned theory, a new network attack metrics system is proposed in this paper, which uses a metric structure based on "attack type-attack attribute-attack atomic operation-attack metrics", in which the metric process of attack attribute adopts AHP. The metrics of the system are comprehensive, given their judgment of frequent attacks is universal. The experiment was verified by an experiment of a common attack Smurf. The experimental results show the effectiveness and applicability of the proposed measurement system.

The chances of cyber-attacks have been increased because of incorporation of communication networks and information technology in power system. Main objective of the paper is to prove that attacker can launch the attack vector without the knowledge of complete network information and the injected false data can't be detected by power system operator. This paper also deals with analyzing the impact of multi-attacking strategy on the power system. This false data attacks incurs lot of damage to power system, as it misguides the power system operator. Here, we demonstrate the construction of attack vector and later we have demonstrated multiple attacking regions in IEEE 14 bus system. Impact of attack vector on the power system can be observed and it is proved that the attack cannot be detected by power system operator with the help of residue check method.

To improve production efficiency, more industrial control systems are connected to IT networks, and more IT technologies are applied to industrial control networks, network security has become an important problem. Industrial control network security analysis and decision-making is a effective method to solve the problem, which can predict risks and support to make decisions before the actual fault of the industrial control network system has not occurred. This paper proposes a security analysis and decision-making method with forward reasoning based on strong relevant logic for industrial control networks. The paper presents a case study in security analysis and decision-making for industrial control networks. The result of the case study shows that the proposed method is effective.