Biblio

Nowadays, automotive products are intelligence intensive and thus inevitably handle multiple functionalities under the current high-speed networking environment. The embedded virtualization has high potentials in the automotive industry, thanks to its advantages in function integration, resource utilization, and security. The invention of ARM virtualization extensions has made it possible to run open-source hypervisors, such as Xen and KVM, for embedded applications. Nevertheless, there is little work to investigate the performance of these hypervisors on automotive platforms. This paper presents a detailed analysis of different types of open-source hypervisors that can be applied in the ARM platform. We carry out the virtualization performance experiment from the perspectives of CPU, memory, file I/O, and some OS operation performance on Xen and Jailhouse. A series of microbenchmark programs have been designed, specifically to evaluate the real-time performance of various hypervisors and the relevant overhead. Compared with Xen, Jailhouse has better latency performance, stable latency, and little interference jitter. The performance experiment results help us summarize the advantages and disadvantages of these hypervisors in automotive applications.

Information systems and applications provide indispensable services at every stage of life, enabling us to carry out our activities more effectively and efficiently. Today, information technology systems produce many alarm and event records. These produced records often have a relationship with each other, and when this relationship is captured correctly, many interruptions that will harm institutions can be prevented before they occur. For example, an increase in the disk I/O speed of a server or a problem may cause the business software running on that server to slow down and cause different results in this slowness. Here, an institution’s accurate analysis and management of all event records, and rule-based analysis of the resulting records in certain time periods and depending on certain rules will ensure efficient and effective management of millions of alarms. In addition, it will be possible to prevent possible problems by removing the relationships between events. Events that occur in IT systems are a kind of footprint. It is also vital to keep a record of the events in question, and when necessary, these event records can be analyzed to analyze the efficiency of the systems, harmful interferences, system failure tendency, etc. By understanding the undesirable situations such as taking the necessary precautions, possible losses can be prevented. In this study, the model developed for fault prediction in systems by performing event log analysis in information systems is explained and the experimental results obtained are given.

In high-performance computing (HPC), scientific applications often manage a massive amount of data using I/O libraries. These libraries provide convenient data model abstractions, help ensure data portability, and, most important, empower end users to improve I/O performance by tuning configurations across multiple layers of the HPC I/O stack. We propose SCTuner, an autotuner integrated within the I/O library itself to dynamically tune both the I/O library and the underlying I/O stack at application runtime. To this end, we introduce a statistical benchmarking method to profile the behaviors of individual supercomputer I/O subsystems with varied configurations across I/O layers. We use the benchmarking results as the built-in knowledge in SCTuner, implement an I/O pattern extractor, and plan to implement an online performance tuner as the SCTuner runtime. We conducted a benchmarking analysis on the Summit supercomputer and its GPFS file system Alpine. The preliminary results show that our method can effectively extract the consistent I/O behaviors of the target system under production load, building the base for I/O autotuning at application runtime.

Nowadays, hypervisors are the standard solution to integrate different domains into a shared hardware platform, while providing safety, security, and predictability. To this end, a hypervisor virtualizes the physical platform and orchestrates the access to each component. When the system needs to comply with certification requirements for safety-critical systems, virtualization latencies need to be analytically bounded for providing off-line guarantees. This paper presents a detailed modeling of three I/O virtualization techniques, providing analytical bounds for each of them under different metrics. Experimental results compare the bounds for a case study and quantify the contribution due to different sources of delay.

This paper presents a fully blind false data injection (FDI) attack against an industrial field-bus i.e. PROFINET that is widely used in Siemens distributed Input/Output (I/O) systems. In contrast to the existing academic efforts in the research community which assume that an attacker is already familiar with the target system, and has a full knowledge of what is being transferred from the sensors or to the actuators in the remote I/O module, our attack overcomes these strong assumptions successfully. For a real scenario, we first sniff and capture real time data packets (PNIO-RT) that are exchanged between the IO-Controller and the IO-Device. Based on the collected data, we create an I/O database that is utilized to replace the correct data with false one automatically and online. Our full attack-chain is implemented on a real industrial setting based on Siemens devices, and tested for two scenarios. In the first one, we manipulate the data that represents the actual sensor readings sent from the IO-Device to the IO-Controller, whereas in the second scenario we aim at manipulating the data that represents the actuator values sent from the IO-Controller to the IO-Device. Our results show that compromising PROFINET I/O systems in the both tested scenarios is feasible, and the physical process to be controlled is affected. Eventually we suggest some possible mitigation solutions to secure our systems from such threats.

Biometrics as a means of personal authentication has demonstrated strong viability in the past decade. However, directly deriving a unique cryptographic key from biometric data is a non-trivial task due to the fact that biometric data is usually noisy and presents large intra-class variations. Moreover, biometric data is permanently associated with the user, which leads to security and privacy issues. Cancellable biometrics and bio-cryptosystem are two main branches to address those issues, yet both approaches fall short in terms of accuracy performance, security, and privacy. In this paper, we propose a Bio-Crypto system on fingerprint Cancellable template (Bio-CanCrypto), which bridges cancellable biometrics and bio-cryptosystem to achieve a middle-ground for alleviating the limitations of both. Specifically, a cancellable transformation is applied on a fixed-length fingerprint feature vector to generate cancellable templates. Next, an LDPC coding mechanism is introduced into a reusable fuzzy extractor scheme and used to extract the stable cryptographic key from the generated cancellable templates. The proposed system can achieve both cancellability and reusability in one scheme. Experiments are conducted on a public fingerprint dataset, i.e., FVC2002. The results demonstrate that the proposed LDPC coded reusable fuzzy extractor is effective and promising.

Nowadays, biometric is a most technique to authenticate /identify human been, because its resistance against theft, loss or forgetfulness. However, biometric is subject to different transmission attacks. Today, the protection of the sensitive biometric information is a big challenge, especially in current wireless networks such as internet of things where the transmitted data is easy to sniffer. For that, this paper proposes an Eigens-Fingerprint-based biometric cryptosystem, where the biometric feature vectors are extracted by the Principal Component Analysis technique with an appropriate quantification. The key-binding principle incorporated with bit-wise and byte-wise correcting code is used for encrypting data and sharing key. Several recognition rates and computation time are used to evaluate the proposed system. The findings show that the proposed cryptosystem achieves a high security without decreasing the accuracy.

Modern malware indicators utilized by the current top threat feeds are easily bypassed and generated through enigmatic methods, leading to a lack of detection capabilities for cyber defenders. Static hash-based algorithms such as MD5 or SHA generate indicators that are rendered obsolete by modifying a single byte of the source file. Conversely, fuzzy hash-based algorithms such as SSDEEP and TLSH are more robust to alterations of source information; however, these methods often utilize context boundaries that are hard to define or not based on meaningful information. In previous work, a custom binary analysis tool was created called @DisCo. In this study, four current ransomware campaigns were analyzed using TLSH fuzzy hashing and the @DisCo tool. While TLSH works on the binary level of the entire program, @DisCo works at an intermediate function level. The results from each analysis method were compared to provide validation between the two as well as introduce a narrative for using combinations of these types of methods for the creation of stronger indicators of compromise.

Nowadays, biometric-based authentication systems are widely used. This fact has led to increased attacks on biometric data of users. Therefore, biometric template protection is sure to keep the attention of researchers for the security of the authentication systems. Many previous works proposed the biometric template protection schemes by transforming the original biometric data into a secure domain, or establishing a cryptographic key with the use of biometric data. The main purpose was that fulfill the all three requirements: cancelability, security, and performance as many as possible. In this paper, using random projection merged with fuzzy commitment, we will introduce a hybrid scheme of biometric template protection. We try to limit their own drawbacks and take full advantages of these techniques at the same time. In addition, an analysis of non-invertibility property will be exercised with regards to the use of random projection aiming at enhancing the security of the system while preserving the discriminability of the original biometric template.

Numerous prevalent techniques build a Multi-Modal Biometric (MMB) system that struggles in offering security and also revocability onto the templates. This work proffered a MMB system centred on the Modulus Fuzzy Vault (MFV) aimed at resolving these issues. The methodology proposed includes Fingerprint (FP), Palmprint (PP), Ear and also Retina images. Utilizing the Boosted Double Plateau Histogram Equalization (BDPHE) technique, all images are improved. Aimed at removing the unnecessary things as of the ear and the blood vessels are segmented as of the retina images utilizing the Modified Balanced Iterative Reducing and Clustering using Hierarchy (MBIRCH) technique. Next, the input traits features are extracted; then the essential features are chosen as of the features extracted utilizing the Bidirectional Deer Hunting optimization Algorithm (BDHOA). The features chosen are merged utilizing the Normalized Feature Level and Score Level (NFLSL) fusion. The features fused are saved securely utilizing Modulus Fuzzy Vault. Upto fusion, the procedure is repeated aimed at the query image template. Next, the de-Fuzzy Vault procedure is executed aimed at the query template, and then the key is detached by matching the query template’s and input biometric template features. The key separated is analogized with the threshold that categorizes the user as genuine or else imposter. The proposed BDPHE and also MFV techniques function efficiently than the existent techniques.

Physical unclonable functions (PUFs) are used to create unique device identifiers from their inherent fabrication variability. Unstable readings and variation of the PUF response over time are key issues that limit the applicability of PUFs in real-world systems. In this project, we developed a fuzzy extractor (FE) to generate robust cryptographic keys from ReRAM-based PUFs. We tested the efficiency of the proposed FE using BCH and Polar error correction codes. We use ReRAM-based PUFs operating in pre-forming range to generate binary cryptographic keys at ultra-low power with an objective of tamper sensitivity. We investigate the performance of the proposed FE with real data using the reading of the resistance of pre-formed ReRAM cells under various noise conditions. The results show a bit error rate (BER) in the range of 10−5 for the Polar-codes based method when 10% of the ReRAM cell array is erroneous at Signal to Noise Ratio (SNR) of 20dB.This error rate is achieved by using helper data length of 512 bits for a 256 bit cryptographic key. Our method uses a 2:1 ratio for helper data and key, much lower than the majority of previously reported methods. This property makes our method more robust against helper data attacks.

The progression of cryptographic attacks in the ICT era doubtless leads to the development of new cryptographic algorithms and assessment, and evaluation of the existing ones. In this paper, the artificial intelligence application, through the fuzzy analytic hierarchy process (FAHP) implementation, is used to rank criteria and sub-criteria on which the algorithms are based to determine the most promising criteria and optimize their use. Out of fifteen criteria, security soundness, robustness and hardware failure distinguished as significant ones.

The ternary interval number contains more comprehensive information than the exact number, and the prediction of the ternary interval number is more conducive to intelligent decision-making. In order to reduce the overfitting problem of the neural network model, a combination prediction method of the BP neural network and the matrix GM (1, 1) model for the ternary interval number sequence is proposed in the paper, and based on the proposed method to predict the passenger volume. The matrix grey model for the ternary interval number sequence (MTIGM (1, 1)) can stably predict the overall development trend of a time series. Considering the integrity of interval numbers, the BP neural network model is established by combining the lower, middle and upper boundary points of the ternary interval numbers. The combined weights of MTIGM (1, 1) and the BP neural network are determined based on the grey relational degree. The combined method is used to predict the total passenger volume and railway passenger volume of China, and the prediction effect is better than MTIGM (1, 1) and BP neural network.

With the rapid advancement of the electrical grid, substation automation systems (SASs) have been developing continuously. However, with the introduction of advanced features, such as remote control, potential cyber security threats in SASs are also increased. Additionally, crucial components in SASs, such as protection relays, usually come from third-party vendors and may not be fully trusted. Untrusted devices may stealthily perform harmful or unauthorised behaviours which could compromise or damage SASs, and therefore, bring adverse impacts to the primary plant. Thus, it is necessary to detect abnormal behaviours from an untrusted device before it brings about catastrophic impacts. Anomaly detection techniques are suitable to detect anomalies in SASs as they only bring minimal side-effects to normal system operations. Many researchers have developed various machine learning algorithms and mathematical models to improve the accuracy of anomaly detection. However, without prudent feature selection, it is difficult to achieve high accuracy when detecting attacks launched from internal trusted networks, especially for stealthy message modification attacks which only modify message payloads slightly and imitate patterns of benign behaviours. Therefore, this paper presents choices of features which improve the accuracy of anomaly detection within SASs, especially for detecting “stealthy” attacks. By including two additional features, Boolean control data from message payloads and physical values from sensors, our method improved the accuracy of anomaly detection by decreasing the false-negative rate from 25% to 5% approximately.

The critical nature of smart grids (SGs) attracts various network attacks and malicious manipulations. Existent SG solutions are less capable of ensuring secure and trustworthy operation. This is due to the large-scale nature of SGs and reliance on network protocols for trust management. A particular example of such severe attacks is the false data injection (FDI). FDI refers to a network attack, where meters' measurements are manipulated before being reported in such a way that the energy system takes flawed decisions. In this paper, we exploit the secure nature of blockchains to construct a data management framework based on public blockchain. Our framework enables trustworthy data storage, verification, and exchange between SG components and decision-makers. Our proposed system enables miners to invest their computational power to verify blockchain transactions in a fully distributed manner. The mining logic employs machine learning (ML) techniques to identify the locations of compromised meters in the network, which are responsible for generating FDI attacks. In return, miners receive virtual credit, which may be used to pay their electric bills. Our design circumvents single points of failure and intentional FDI attempts. Our numerical results compare the accuracy of three different ML-based mining logic techniques in two scenarios: focused and distributed FDI attacks for different attack levels. Finally, we proposed a majority-decision mining technique for the practical case of an unknown FDI attack level.

Digitization has been rapidly integrated with manufacturing industries and critical infrastructure to increase efficiency, productivity, and reduce wastefulness, a transition being labeled as Industry 4.0. However, this expansion, coupled with the poor cybersecurity posture of these Industrial Internet of Things (IIoT) devices, has made them prolific targets for exploitation. Moreover, modern Programmable Logic Controllers (PLC) used in the Operational Technology (OT) sector are adopting open-source operating systems such as Linux instead of proprietary software, making such devices susceptible to Linux-based malware. Traditional malware detection approaches cannot be applied directly or extended to such environments due to the unique restrictions of these PLC devices, such as limited computational power and real-time requirements. In this paper, we propose ORRIS, a novel lightweight and out-of-the-device framework that detects malware at both kernel and user-level by processing the information collected using the Joint Test Action Group (JTAG) interface. We evaluate ORRIS against in-the-wild Linux malware achieving maximum detection accuracy of ≈99.7% with very few false-positive occurrences, a result comparable to the state-of-the-art commercial products. Moreover, we also develop and demonstrate a real-time implementation of ORRIS for commercial PLCs.

The advent of IoT edge devices has enabled the collection of rich datasets, as part of Mobile Crowd Sensing (MCS), which has emerged as a key enabler for a wide gamut of safety-critical applications ranging from traffic control, environmental monitoring to assistive healthcare. Despite the clear advantages that such unprecedented quantity of data brings forth, it is also subject to inherent data trustworthiness challenges due to factors such as malevolent input and faulty sensors. Compounding this issue, there has been a plethora of proposed solutions, based on the use of traditional machine learning algorithms, towards assessing and sifting faulty data without any assumption on the trustworthiness of their source. However, there are still a number of open issues: how to cope with the presence of strong, colluding adversaries while at the same time efficiently managing this high influx of incoming user data. In this work, we meet these challenges by proposing the hybrid use of Deep Learning schemes (i.e., LSTMs) and conventional Machine Learning classifiers (i.e. One-Class Classifiers) for detecting and filtering out false data points. We provide a prototype implementation coupled with a detailed performance evaluation under various (attack) scenarios, employing both real and synthetic datasets. Our results showcase how the proposed solution outperforms various existing resilient aggregation and outlier detection schemes.

We use discrete-time adaptive control theory to design a novel false data injection (FDI) attack against automatic generation control (AGC), a critical system that maintains a power grid at its requisite frequency. FDI attacks can cause equipment damage or blackouts by falsifying measurements in the streaming sensor data used to monitor the grid's operation. Compared to prior work, the proposed attack (i) requires less knowledge on the part of the attacker, such as correctly forecasting the future demand for power; (ii) is stealthier in its ability to bypass standard methods for detecting bad sensor data and to keep the false sensor readings near historical norms until the attack is well underway; and (iii) can sustain the frequency excursion as long as needed to cause real-world damage, in spite of AGC countermeasures. We validate the performance of the proposed attack on realistic 37-bus and 118-bus setups in PowerWorld, an industry-strength power system simulator trusted by real-world operators. The results demonstrate the attack's improved stealthiness and effectiveness compared to prior work.

Vehicular Ad-Hoc Network (VANET) is a subcategory of Intelligent Transportation Systems (ITS) that allows vehicles to communicate with other vehicles and static roadside infrastructure. However, the integration of cyber and physical systems introduce many possible points of attack that make VANET vulnerable to cyber attacks. In this paper, we implemented a machine learning-based intrusion detection system that identifies False Data Injection (FDI) attacks on a vehicular network. A co-simulation framework between MATLAB and NS-3 is used to simulate the system. The intrusion detection system is installed in every vehicle and processes the information obtained from the packets sent by other vehicles. The packet is classified into either trusted or malicious using Support Vector Machines (SVM). The comparison of the performance of the system is evaluated in different scenarios using the following metrics: classification rate, attack detection rate, false positive rate, and detection speed. Simulation results show that the SVM-based IDS is able to provide high accuracy detection, low false positive rate, consequently improving the traffic congestion in the simulated highway.

In order to protect the safety of power grid, improve the early warning precision of false data injection. This paper presents a dynamic detection model for false data injection attacks. Based on the characteristics of APT attacks, a model of attack characteristics for trusted regions is constructed. In order to realize the accurate state estimation, unscented Kalman filtering algorithm is used to estimate the state of nonlinear power system and realize dynamic attack detection. Experimental results show that the precision of this method is higher than 90%, which verifies the effectiveness of this paper in attack detection.

Malware detection is an important area of cyber security. Computer systems rely on malware detection applications to prevent malware attacks from succeeding. Malware detection is not a straightforward task, as new variants of malware are generated at an increasing rate. Machine learning (ML) has been utilised to generate predictive classification models to identify new malware variants which conventional malware detection methods may not detect. Machine learning, has however, been found to be vulnerable to different types of adversarial attacks, in which an attacker is able to negatively affect the classification ability of the ML model. Several defensive measures to prevent adversarial poisoning attacks have been developed, but they often rely on the use of a trusted clean dataset to help identify and remove adversarial examples from the training dataset. The defence in this paper does not require a trusted clean dataset, but instead, identifies intentional false negatives (zero day malware classified as benign) at the testing stage by examining the activation weights of the ML model. The defence was able to identify 94.07% of the successful targeted poisoning attacks.

With the proliferation of false redundant information on various e-commerce platforms, ineffective recommendations and other untrustworthy behaviors have seriously hindered the healthy development of e-commerce platforms. Modern recommendation systems often use side information to alleviate these problems and also increase prediction accuracy. One such piece of side information, which has been widely investigated, is trust. However, it is difficult to obtain explicit trust relationship data, so researchers infer trust values from other methods, such as the user-to-item relationship. In this paper, addressing the problems, we proposed a novel trust-based recommender model called UITrust, which uses user-item relationship value to improve prediction accuracy. With the improvement the traditional similarity measures by employing the entropies of user and item history ratings to reflect the global rating behavior on both. We evaluate the proposed model using two real-world datasets. The proposed model performs significantly better than the baseline methods. Also, we can use the UITrust to alleviate the sparsity problem associated with correlation-based similarity. In addition to that, the proposed model has a better computational complexity for making predictions than the k-nearest neighbor (kNN) method.

Cyber-Physical Power Systems (CPPSs) currently face an increasing number of security attacks and lack methods for optimal proactive security decisions to defend the attacks. This paper proposed an optimal defensive method based on game theory to minimize the system performance deterioration of CPPSs under cyberspace attacks. The reinforcement learning algorithmic solution is used to obtain the Nash equilibrium and a set of metrics of system vulnerabilities are adopted to quantify the cost of defense against cyber-attacks. The minimax-Q algorithm is utilized to obtain the optimal defense strategy without the availability of the attacker's information. The proposed solution is assessed through experiments based on a realistic power generation microsystem testbed and the numerical results confirmed its effectiveness.

With the rapid development of communication net-work, the types and quantities of network traffic data have in-creased substantially. What followed was the frequent occurrence of versatile cyber attacks. As an important part of network security, the network-based intrusion detection system (NIDS) can monitor and protect the network equippments and terminals in real time. The traditional detection methods based on deep learning (DL) are always in supervised manners in NIDS, which can automatically build end-to-end detection model without man-ual feature extraction and selection by domain experts. However, supervised learning methods require large-scale labeled data, yet capturing large labeled datasets is a very cubersome, tedious and time-consuming manual task. Instead, unsupervised learning is an effective way to overcome this problem. Nonetheless, the ex-isting unsupervised methods are prone to low detection efficiency and are difficult to train. In this paper we propose a novel NIDS method called PGAN based on generative adversarial network (GAN) to detect the abnormal traffic from the perspective of Anomaly Detection, which leverage the competitive speciality of adversarial training to learn the normal traffic. Based on the public dataset CICIDS2017, three experimental results show that PGAN can significantly outperform other unsupervised methods like stacked autoencoder (SAE) and isolation forest (IF).

The development of artificial intelligence will certainly fundamentally change the pattern of human work. With the promotion of top-level strategies, vocational education can only develop sustainably by integrating with science and technology. Artificial intelligence is a branch of computer science that studies the basic theories, methods and techniques of how to apply computer hardware and software to simulate certain intelligent human behaviors. Artificial intelligence applied to vocational education mainly focuses on resource network technology and integrated distributed intelligent system, which organically integrates various different expert systems (ES), management information systems (MIS), intelligent networks, decision support systems (DSS), databases, numerical computing packages and graphics processing programs to solve complex problems. Artificial intelligence will certainly empower vocational education and give rise to a vocational education revolution. In the process of continuous improvement of AI, it is a more practical approach to apply various already mature AI technologies to vocational education practice. Establishing an intelligent vocational education ecology enables traditional education and AI to complement each other's advantages and jointly promote the healthy and sustainable development of vocational education ecology.