Biblio

The vulnerability assessment of the cyber-physical power system based on complex network theory is applied in this paper. The influence of the power system statistics upon the system vulnerability is studied based on complex network theory. The electrical betweenness is defined to suitably describe the power system characteristics. The real power systems are utilized as examples to analyze the distribution of the degree and betweenness of the power system as a complex network. The topology model of the cyber-physical power system is formed, and the static analysis is implemented to the study of the cyber-physical power system structural vulnerability. The IEEE 300 bus test system is selected to verify the model.

Secure multi-party computation(SMPC) is an important research field in cryptography, secure multi-party computation has a wide range of applications in practice. Accordingly, information security issues have arisen. Aiming at security issues in Secure multi-party computation, we consider that semi-honest participants have malicious operations such as collusion in the process of information interaction, gaining an information advantage over honest parties through collusion which leads to deviations in the security of the protocol. To solve this problem, we combine information entropy to propose an n-round information exchange protocol, in which each participant broadcasts a relevant information value in each round without revealing additional information. Through the change of the uncertainty of the correct result value in each round of interactive information, each participant cannot determine the correct result value before the end of the protocol. Security analysis shows that our protocol guarantees the security of the output obtained by the participants after the completion of the protocol.

With the advancement of network physical social system (npss), a large amount of data privacy has become the targets of hacker attacks. Due to the complex and changeable attack methods of hackers, network security threats are becoming increasingly severe. As an important type of active defense, honeypots use the npss as a carrier to ensure the security of npss. However, traditional honeynet structures are relatively fixed, and it is difficult to trap hackers in a targeted manner. To bridge this gap, this paper proposes a recommendation method for LSTM prediction trap components based on attention mechanism. Its characteristic lies in the ability to predict hackers' attack interest, which increases the active trapping ability of honeynets. The experimental results show that the proposed prediction method can quickly and effectively predict the attacking behavior of hackers and promptly provide the trapping components that hackers are interested in.

Multi-stage Proof-of-Work is a recently proposed protocol which extends the Proof-of-Work protocol used in Bitcoin. It splits Proof-of-Work into multiple stages, to achieve a more efficient block generation and a fair reward distribution. In this paper we study some of the Multi-stage Proof-of-Work security vulnerabilities. Precisely, we present two attacks: a Selfish Mining attack and a Selfish Stage-Withholding attack. We show that Multi-stage Proof-of-Work is not secure against a selfish miner owning more than 25% of the network hashing power. Moreover, we show that Selfish Stage-Withholding is a complementary strategy to boost a selfish miner's profitability.

With the development of 5G technology and intelligent terminals, the future direction of the Industrial Internet of Things (IIoT) evolution is Pervasive Edge Computing (PEC). In the pervasive edge computing environment, intelligent terminals can perform calculations and data processing. By migrating part of the original cloud computing model's calculations to intelligent terminals, the intelligent terminal can complete model training without uploading local data to a remote server. Pervasive edge computing solves the problem of data islands and is also successfully applied in scenarios such as vehicle interconnection and video surveillance. However, pervasive edge computing is facing great security problems. Suppose the remote server is honest but curious. In that case, it can still design algorithms for the intelligent terminal to execute and infer sensitive content such as their identity data and private pictures through the information returned by the intelligent terminal. In this paper, we research the problem of honest but curious remote servers infringing intelligent terminal privacy and propose a differential privacy collaborative deep learning algorithm in the pervasive edge computing environment. We use a Gaussian mechanism that meets the differential privacy guarantee to add noise on the first layer of the neural network to protect the data of the intelligent terminal and use analytical moments accountant technology to track the cumulative privacy loss. Experiments show that with the Gaussian mechanism, the training data of intelligent terminals can be protected reduction inaccuracy.

Existing group shilling attack detection methods mainly depend on human feature engineering to extract group attack behavior features, which requires a high knowledge cost. To address this problem, we propose a group shilling attack detection method based on maximum density subtensor mining. First, the rating time series of each item is divided into time windows and the item tensor groups are generated by establishing the user-rating-time window data models of three-dimensional tensor. Second, the M-Zoom model is applied to mine the maximum dense subtensor of each item, and the subtensor groups with high consistency of behaviors are selected as candidate groups. Finally, a dual-input convolutional neural network model is designed to automatically extract features for the classification of real users and group attack users. The experimental results on the Amazon and Netflix datasets show the effectiveness of the proposed method.

Recommender systems, which aim to suggest personalized lists of items for users, have drawn a lot of attention. In fact, many of these state-of-the-art recommender systems have been built on deep neural networks (DNNs). Recent studies have shown that these deep neural networks are vulnerable to attacks, such as data poisoning, which generate fake users to promote a selected set of items. Correspondingly, effective defense strategies have been developed to detect these generated users with fake profiles. Thus, new strategies of creating more ‘realistic’ user profiles to promote a set of items should be investigated to further understand the vulnerability of DNNs based recommender systems. In this work, we present a novel framework CopyAttack. It is a reinforcement learning based black-box attacking method that harnesses real users from a source domain by copying their profiles into the target domain with the goal of promoting a subset of items. CopyAttack is constructed to both efficiently and effectively learn policy gradient networks that first select, then further refine/craft user profiles from the source domain, and ultimately copy them into the target domain. CopyAttack’s goal is to maximize the hit ratio of the targeted items in the Top-k recommendation list of the users in the target domain. We conducted experiments on two real-world datasets and empirically verified the effectiveness of the proposed framework. The implementation of CopyAttack is available at https://github.com/wenqifan03/CopyAttack.

Recommender systems have been proved to be effective techniques to provide users with better experiences. However, when a recommender knows the user's preference characteristics or gets their sensitive information, then a series of privacy concerns are raised. A amount of solutions in the literature have been proposed to enhance privacy protection degree of recommender systems. Although the existing solutions have enhanced the protection, they led to a decrease in recommendation accuracy simultaneously. In this paper, we propose a security-aware hybrid recommendation method by combining the factorization and regression techniques. Specifically, the differential privacy mechanism is integrated into data pre-processing for data encryption. Firstly data are perturbed to satisfy differential privacy and transported to the recommender. Then the recommender calculates the aggregated data. However, applying differential privacy raises utility issues of low recommendation accuracy, meanwhile the use of a single model may cause overfitting. In order to tackle this challenge, we adopt a fusion prediction model by combining linear regression (LR) and matrix factorization (MF) for collaborative recommendation. With the MovieLens dataset, we evaluate the recommendation accuracy and regression of our recommender system and demonstrate that our system performs better than the existing recommender system under privacy requirement.

In a group shilling attack, attackers work collaboratively to inject fake profiles aiming to obtain desired recommendation result. This type of attacks is more harmful to recommender systems than individual shilling attacks. Previous studies pay much attention to detect individual attackers, and little work has been done on the detection of shilling groups. In this work, we introduce a topic modeling method of natural language processing into shilling attack detection and propose a shilling group detection method on the basis of hierarchical topic model. First, we model the given dataset to a series of user rating documents and use the hierarchical topic model to learn the specific topic distributions of each user from these rating documents to describe user rating behaviors. Second, we divide candidate groups based on rating value and rating time which are not involved in the hierarchical topic model. Lastly, we calculate group suspicious degrees in accordance with several indicators calculated through the analysis of user rating distributions, and use the k-means clustering algorithm to distinguish shilling groups. The experimental results on the Netflix and Amazon datasets show that the proposed approach performs better than baseline methods.

Session-based recommendation is the task of predicting user actions during short online sessions. The user is considered to be anonymous in this setting, with no past behavior history available. Predicting anonymous users' next actions and their preferences in the absence of historical user behavior information is valuable from a cybersecurity and aerospace perspective, as cybersecurity measures rely on the prompt classification of novel threats. Our offered solution builds upon the previous representation learning work originating from natural language processing, namely BERT, which stands for Bidirectional Encoder Representations from Transformers (Devlin et al., 2018). In this paper we propose CyberBERT, the first deep session-based recommender system to employ bidirectional transformers to model the intent of anonymous users within a session. The session-based setting lends itself to applications in threat recognition, through monitoring of real-time user behavior using the CyberBERT architecture. We evaluate the efficiency of this dynamic state method using the Windows PE Malware API sequence dataset (Catak and Yazi, 2019), which contains behavior for 7107 API call sequences executed by 8 classes of malware. We compare the proposed CyberBERT solution to two high-performing benchmark algorithms on the malware dataset: LSTM (Long Short-term Memory) and transformer encoder (Vaswani et al., 2017). We also evaluate the method using the YOOCHOOSE 1/64 dataset, which is a session-based recommendation dataset that contains 37,483 items, 719,470 sessions, and 31,637,239 clicks. Our experiments demonstrate the advantage of a bidirectional architecture over the unidirectional approach, as well as the flexibility of the CyberBERT solution in modelling the intent of anonymous users in a session. Our system achieves state-of-the-art measured by F1 score on the Windows PE Malware API sequence dataset, and state-of-the-art for P@20 and MRR@20 on YOOCHOOSE 1/64. As CyberBERT allows for user behavior monitoring in the absence of behavior history, it acts as a robust malware classification system that can recognize threats in aerospace systems, where malicious actors may be interacting with a system for the first time. This work provides the backbone for systems that aim to protect aviation and aerospace applications from prospective third-party applications and malware.

In the economics environment, Job Matching is always a challenge involving the evolution of knowledge and skills. A good matching of skills and jobs can stimulate the growth of economics. Recommender System (RecSys), as one kind of Job Matching, can help the candidates predict the future job relevant to their preferences. However, RecSys still has the problem of cold start and data sparsity. The content-based filtering in RecSys needs the adaptive data for the specific staffing tasks of Bidirectional Encoder Representations from Transformers (BERT). In this paper, we propose a job RecSys based on skills and locations using a domain-specific Knowledge Graph (KG). This system has three parts: a pipeline of Named Entity Recognition (NER) and Relation Extraction (RE) using BERT; a standardization system for pre-processing, semantic enrichment and semantic similarity measurement; a domain-specific Knowledge Graph (KG). Two different relations in the KG are computed by cosine similarity and Term Frequency-Inverse Document Frequency (TF-IDF) respectively. The raw data used in the staffing RecSys include 3000 descriptions of job offers from Indeed, 126 Curriculum Vitae (CV) in English from Kaggle and 106 CV in French from Linx of Capgemini Engineering. The staffing RecSys is integrated under an architecture of Microservices. The autonomy and effectiveness of the staffing RecSys are verified through the experiment using Discounted Cumulative Gain (DCG). Finally, we propose several potential research directions for this research.

Aiming at group shilling attacks in recommender systems, a shilling group detection approach based on triangle dense subgraph mining is proposed. First, the user relation graph is built by mining the relations among users in the rating dataset. Second, the improved triangle dense subgraph mining method and the personalizing PageRank seed expansion algorithm are used to divide candidate shilling groups. Finally, the suspicious degrees of candidate groups are calculated using several group detection indicators and the attack groups are obtained. Experiments indicate that our method has better detection performance on the Amazon and Yelp datasets than the baselines.

In Social Aware Network (SAN) model, the elementary actions focus on investigating the attributes and behaviors of the customer. This analysis of customer attributes facilitate in the design of highly active and improved protocols. In specific, the recommender systems are highly vulnerable to the shilling attack. The recommender system provides the solution to solve the issues like information overload. Collaborative filtering based recommender systems are susceptible to shilling attack known as profile injection attacks. In the shilling attack, the malicious users bias the output of the system's recommendations by adding the fake profiles. The attacker exploits the customer reviews, customer ratings and fake data for the processing of recommendation level. It is essential to detect the shilling attack in the network for sustaining the reliability and fairness of the recommender systems. This article reviews the most prominent issues and challenges of shilling attack. This paper presents the literature survey which is contributed in focusing of shilling attack and also describes the merits and demerits with its evaluation metrics like attack detection accuracy, precision and recall along with different datasets used for identifying the shilling attack in SAN network.

Recommender systems in software engineering provide developers with a wide range of valuable items to help them complete their tasks. Among others, API recommender systems have gained momentum in recent years as they became more successful at suggesting API calls or code snippets. While these systems have proven to be effective in terms of prediction accuracy, there has been less attention for what concerns such recommenders’ resilience against adversarial attempts. In fact, by crafting the recommenders’ learning material, e.g., data from large open-source software (OSS) repositories, hostile users may succeed in injecting malicious data, putting at risk the software clients adopting API recommender systems. In this paper, we present an empirical investigation of adversarial machine learning techniques and their possible influence on recommender systems. The evaluation performed on three state-of-the-art API recommender systems reveals a worrying outcome: all of them are not immune to malicious data. The obtained result triggers the need for effective countermeasures to protect recommender systems against hostile attacks disguised in training data.

In the last few years, cluster ensembles have emerged as powerful techniques that integrate multiple clustering methods into recommender systems. Such integration leads to improving the performance, quality and the accuracy of the generated recommendations. This paper proposes a novel recommender system based on a cluster ensemble technique for big data. The proposed system incorporates the collaborative filtering recommendation technique and the cluster ensemble to improve the system performance. Besides, it integrates the Expectation-Maximization method and the HyperGraph Partitioning Algorithm to generate new recommendations and enhance the overall accuracy. We use two real-world datasets to evaluate our system: TED Talks and MovieLens. The experimental results show that the proposed system outperforms the traditional methods that utilize single clustering techniques in terms of recommendation quality and predictive accuracy. Most importantly, the results indicate that the proposed system provides the highest precision, recall, accuracy, F1, and the lowest Root Mean Square Error regardless of the used similarity strategy.

Recommender systems help people in finding a particular item based on their preference from a wide range of products in online shopping rapidly. One of the most popular models of recommendation systems is the Collaborative Filtering Recommendation System (CFRS) that recommend the top-K items to active user based on peer grouping user ratings. The implementation of CFRS is easy and it can easily be attacked by fake users and affect the recommendation. Fake users create a fake profile to attack the RS and change the output of it. Different attack types with different features and attacking methods exist in which decrease the accuracy. It is important to detect fake users, remove their rating from rating matrix and recognize the items has been attacked. In the recent years, many algorithms have been proposed to detect the attackers but first, researchers have to inject the attack type into their dataset and then evaluate their proposed approach. The purpose of this article is to develop a tool to inject the different attack types to datasets. Proposed tool constructs a new dataset containing the fake users therefore researchers can use it for evaluating their proposed attack detection methods. Researchers could choose the attack type and the size of attack with a user interface of our proposed tool easily.

The physical layer secret key generation exploiting wireless channel reciprocity has attracted considerable attention in the past two decades. On-going research have demonstrated its viability in various radio frequency (RF) systems. Most of existing work rely on quantization technique to convert channel measurements into digital binaries that are suitable for secret key generation. However, non-simultaneous packet exchanges in time division duplex systems and noise effects in practice usually create random channel measurements between two users, leading to inconsistent quantization results and mismatched secret bits. While significant efforts were spent in recent research to mitigate such non-reciprocity, no efficient method has been found yet. Unlike existing quantization-based approaches, we take a different viewpoint and perform the secret key agreement by solving a bipartite graph matching problem. Specifically, an efficient dual-permutation secret key generation method, DP-SKG, is developed to match the randomly permuted channel measurements between a pair of users by minimizing their discrepancy holistically. DP-SKG allows two users to generate the same secret key based on the permutation order of channel measurements despite the non-reciprocity over wireless channels. Extensive experimental results show that DP-SKG could achieve error-free key agreement on received signal strength (RSS) with a low cost under various scenarios.

True random number generators (TRNG) are widely used to generate encryption keys in information security systems [1]–[2]. In TRNG, entropy source is a critical module who provides the source of randomness of output bit stream. The unavoidable electrical noise in circuit becomes an ideal entropy source due to its unpredictability. Among the methods of capturing electrical noise, ring oscillator-based entropy source makes the TRNG most robust to deterministic noise and 1/f noise which means the strongest anti-interference capability, so it is simple in structure and easy to integrate [3]. Thus, great research attention has focused on ring oscillator-based TRNGs [3] –[7]. In [4], a high-speed TRNG with 100Mbps output bit rate was proposed, but it took up too much power and area. A TRNG based on tetrahedral ring oscillator was proposed in [5]. Its power consumption was very low but the output bit rate was also very low. A ring oscillator-based TRNG with low output bit rate but high power was proposed in [7]. In a word, none of the above architectures achieve an appropriate compromise between bit rate and power consumption. This work presents a new feedback architecture of TRNG based on tetrahedral ring oscillator. The output random bit stream generates a relative random control voltage that acts on the transmission gates in oscillator through a feedback loop, thus increasing phase jitter of the oscillator and improving output bit rate. Furthermore, an XOR chain-based post-processing unit is added to eliminate the statistical deviations and correlations between raw bits.

Symbiotic radio (SR) has recently emerged as a promising technology to boost spectrum efficiency of wireless communications by allowing reflective communications underlying the active RF communications. In this paper, we leverage SR to boost physical layer security by using an array of passive reflecting elements constituting the intelligent reflecting surface (IRS), which is reconfigurable to induce diverse RF radiation patterns. In particular, by switching the IRS's phase shifting matrices, we can proactively create dynamic channel conditions, which can be exploited by the transceivers to extract common channel features and thus used to generate secret keys for encrypted data transmissions. As such, we firstly present the design principles for IRS-assisted key generation and verify a performance improvement in terms of the secret key generation rate (KGR). Our analysis reveals that the IRS's random phase shifting may result in a non-uniform channel distribution that limits the KGR. Therefore, to maximize the KGR, we propose both a heuristic scheme and deep reinforcement learning (DRL) to control the switching of the IRS's phase shifting matrices. Simulation results show that the DRL approach for IRS-assisted key generation can significantly improve the KGR.

This article describes the process of synchronizing the generation of random sequences by a quantum random number generator (QRNG) that can be used as secret keys for known cryptographic transformations. The subject of the research is a method for synchronizing the generation of random QRNG sequences based on L1 (C/A) signals of the global positioning system (GPS) using control correcting information received from control correcting stations.

There are numerous areas relied on random numbers. As one knows, in Cryptography, randomness plays a vital role from key generation to encrypting the systems. If randomness is not created effectively, the whole system is vulnerable to security threats where an outsider can easily predict the algorithm used to generate the random numbers in the system. Another main application where one would not touch is the role of random numbers in different devices mainly storage-related like Solid State Drives, Universal Serial Bus (USB), Secure Digital (SD) cards random performance testing. This paper focuses on various novel algorithms to generate random numbers for efficient performance evaluation of different drives. The main metrics for performance testing is random read and write performance. Here, the biggest challenge to test the random performance of the drive is not only the extent to which randomness is created but also the testing should cover the entire device (say complete NAND, NOR, etc.). So, the random number generator should generate in such a way that the random numbers should not be able to be predicted and must generate the numbers covering the entire range. This paper proposes different methods for such generators and towards the end, discusses the implementation in Field Programmable Gate Array (FPGA).

Common randomness of channels offers the possibility to create cryptographic keys without the need for a key exchange procedure. Channel reciprocity for TDD (time-division duplexing) systems has been used for this purpose many times. FDD (frequency-division duplexing) systems, however, were long considered to not provide any usable symmetry. However, since the scattering transmission parameters S\textbackslashtextlessinf\textbackslashtextgreater12\textbackslashtextless/inf\textbackslashtextgreater and S\textbackslashtextlessinf\textbackslashtextgreater21\textbackslashtextless/inf\textbackslashtextgreater would ideally be the same due to reciprocity, when using neighboring frequency ranges for both directions, they would just follow a continuous curve when putting them next to each other. To not rely on absolute phase, we use phase differences between antennas and apply a polynomial curve fitting, thereafter, quantize the midpoint between the two frequency ranges with the two measurement directions. This is shown to work even with some spacing between the two bands. For key reconciliation, we force the measurement point from one direction to be in the midpoint of the quantization interval by a grid shift (or likewise measurement data shift). Since the histogram over the quantization intervals does not follow a uniform distribution, some source coding / hashing will be necessary. The key disagreement rate toward an eavesdropper was found to be close to 0.5. Additionally, when using an antenna array, a random permutation of antenna measurements can even further improve the protection against eavesdropping.

The Multivariate Polynomial Public Key (MPPK) algorithm, over a prime Galois field, takes a multiplier multivariate polynomial and two multiplicand univariate solvable polynomials to create two product multivariate polynomials. One of variables is for secret message and all others are for noises. The public key consists of all coefficients of the product multivariate polynomials, except the two constant terms for the message variable. The private key is made of both multiplicands. Encryption takes a list of random numbers, over the prime Galois field. The first number is the secret to exchange. The other random numbers generate noise automatically cancelled by decryption. The secret is easily extracted from the evaluation of a solvable equation. The level of security provided by MPPK is adaptable. The algorithm can be used in several different ways. In this paper, we review the performance achieved by MPPK for several combinations of polynomial configurations and Galois field sizes. For every combination, we calculated key generation time, encryption time and decryption time. We also compare the effectiveness of MPPK with the performance of all four NIST PQC finalists. For MPPK, the data has been collected from the execution of an implementation in Java. In comparison to the NIST PQC finalists, MPPK key generation, encryption and decryption performance is excellent.

In recent years, many modifications have been done to combat the weaknesses of the Vigenère Cipher Algorithm. Several studies have been carried out to rectify the flaw of the algorithm’s repeating key nature by increasing the key length equal to that of the plain text. However, some characters cannot be encrypted due to the limited set of characters in the key. This paper modified the algorithm’s key generation process using a Pseudo-Random Number Generator to improve the algorithm’s security and expanded the table of characters to up to 190 characters. The results show that based on Monobit examination and frequency analysis, the repeating nature of the key is non-existent, and the generated key can be used to encrypt a larger set of characters. The ciphertext has a low IC value of 0.030, which is similar to a random string and polyalphabetic cipher with an IC value of 0.038 but not equal to a monoalphabetic cipher with an IC value of 0.065. Results show that the modified version of the algorithm performs better than some of the recent studies conducted on it

Distribution of keys in classical cryptography is one of the most significant affairs to deal with. The computational hardness is the fundamental basis of the security of these keys. However, in the era of quantum computing, quantum computers can break down these keys with their substantially more computation capability than normal computers. For instance, a quantum computer can easily break down RSA or ECC in polynomial time. In order to make the keys quantum resistant, Quantum Key Distribution (QKD) is developed to enforce security of the classical cryptographic keys from the attack of quantum computers. By using quantum mechanics, QKD can reinforce the durability of the keys of classical cryptography, which were practically unbreakable during the pre-quantum era. Thus, an extensive study is required to understand the importance of QKD to make the classical cryptographic key distributions secure against both classical and quantum computers. Therefore, in this paper, we discuss trends and limitations of key management protocols in classical cryptography, and demonstrates a relative study of different QKD protocols. In addition, we highlight the security implementation aspects of QKD, which lead to the solution of threats occurring in a quantum computing scenario, such that the cryptographic keys can be quantum resistant.